Sourcefire fixes Snort flaw

By Bill Brenner, Senior News Writer 20 Feb 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The vendor said in a its Sourcefire advisory that the flaw is in the Snort DCE/RPC preprocessor. "This preprocessor is vulnerable to a stack-based buffer overflow that could potentially allow attackers to execute code with the same privileges as the Snort binary," the company said.

The problem affects Snort 2.6.1, 2.6.1.1, and 2.6.1.2; and Snort 2.7. beta 1. Users are advised to neutralize the flaw by upgrading to Snort version 2.6.1.3 or 2.7 beta 2.

The French Security Incident Response Team (FrSIRT) described the flaw as a critical buffer overflow error within the DCE/RPC preprocessor -- enabled by default -- that surfaces when malformed data is processed via the "ReassembleSMBWriteX()" and "ReassembleDCERPCRequest()" functions. This "could be exploited by attackers to compromise a vulnerable system by sending specially crafted packets to a network being monitored by a vulnerable application," FrSIRT said.

Sorcefire news: Sourcefire's Roesch pledges long, open source life for Snort Sourcefire going public Sourcefire IPO could fuel Snort, users say

Sourcefire, based in Columbia, Md., commercialized the widely popular Snort tool and has made inroads the last couple of years in the emerging intrusion prevention market. The company announced late last year that it had filed with the U.S. Securities and Exchange Commission to raise up to $75 million in an initial public offering (IPO) of stock.

The company ran into controversy in 2005 when Check Point announced plans to acquire it for $225 million in cash.

The deal was unpopular among die-hard Snort users. Some feared Check Point would allow Snort to languish, as some feel it has done since it acquired the popular free ZoneAlarm desktop firewall application as part of its $205 million purchase of Zone Labs in 2003. Others worried that Check Point would seek to further monetize Snort by no longer allowing it to be an open source product.

The Israeli enterprise security company ran into trouble with the Committee on Foreign Investment in the United States (CFIUS), which scrutinized the deal amid concerns that foreign ownership of Snort would threaten U.S. national security.

It became a moot point last March, when Check Point withdrew its application to acquire Sourcefire.

Tags: Open Source Security Tools and Applications,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Open Source Security Tools and Applications Screencast: Samurai offers pen-testing nirvana Rootkit Hunter demo: Detect and remove Linux rootkits When to use open source security tools over commercial products Screencasts: On-screen demonstrations of today's IT tools Maltego demo: Identifying a website's trust relationships Free HP SWFScan tool detects Adobe Flash flaws L0phtCrack returns How to use (almost) free tools to find sensitive data Should open source disk-encryption software be used? Open source security concerns can trump cost savings

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Blowfish  (SearchSecurity.com) Kermit  (SearchSecurity.com) Open Source Hardening Project  (SearchSecurity.com) SnortSnarf  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary