
Researchers Unearth New Snort Vulnerability

By Kevin McLaughlin, CRN
January 11, 2007    1:27 PM ET

Snort, the open source intrusion detection system, contains a remotely exploitable flaw that hackers could use to launch denial-of-service (DoS) attacks and disable malicious traffic detection.

A successful exploit would cause the IDS system CPU to run at 100 percent capacity and knock out Snort's intrusion detection capabilities, allowing malicious traffic to bypass Snort filters and enter the network, said Randy Smith, a Ph.D. student in the Computer Sciences Department at the University of Wisconsin-Madison.

Smith was part of the team of researchers that informed Sourcefire of the vulnerability and provided the vendor with a fix. Sourcefire has fixed the problem in Snort version 2.6.1; previous versions are vulnerable.

The exploit is not very difficult to achieve, but an attacker would need to understand how Snort's signature matching operation works and have a detailed understanding of the code, Smith added. The exploit requires minimal bandwidth and could be triggered by an attacker using a dialup modem.

Symantec Deepsight rated the severity of the flaw as 7.8 on a 10-point scale. Secunia saw it as less serious, giving it a rating of 'less critical', or 2 on a 5-point scale.

Sourcefire, which oversees commercial development of Snort, last October filed for a $75 million initial public offering. Snort is used by the Department of Defense and other government agencies, as well as by several large U.S. corporations.

Sourcefire's Vulnerability Research Team was credited with discovering a remote code execution flaw in Microsoft Outlook, which was fixed earlier this week in the Redmond, Wash.-based vendor's monthly patch release.

