Patch/Configuration Management, Vulnerability Management

Sourcefire pushes update to fix Snort flaw, workaround for beta users

Sourcefire has urged users of its popular Snort intrusion-prevention technology to upgrade to a newer version of the product to fix a recently discovered vulnerability.

The Columbia, Md. firm alerted users to a flaw in Snort’s DCE/RPC processor, which is vulnerable to stack-based buffer overflow attacks.

Sourcefire has released updates to fix problem, and has not received reports of exploitation, according to the advisory.

The vulnerability affects Snort versions 2.6.1, 2.6.1.1 and 2.6.1.2, Snort 2.7.0 beta 1 and Sourcefire commercial products, according to the company advisory.

The firm urged Snort 2.6.1.x users to upgrade to version 2.6.1.3 immediately.

The issue in Snort 2.7 beta 1 will be fixed in Snort 2.7 beta 2. Until its release, beta users have been advised to disable the DEC/RPC processor.

Secunia ranked the buffer overflow flaw as "highly critical," meaning it’s remotely exploitable without user interaction.

The flaw, CVE-2006-5276 in the Common Vulnerabilities and Exposures listing, was discovered by Neel Mehta, team lead of the X-Force Advanced Research Group at IBM Internet Security Systems.

Mehta told SCMagazine.com today that Snort is more prone to vulnerabilities because of how often Sourcefire updates the program. He also praised the company for a quick response to the flaw.

"It’s a relatively quickly changing product – they’re always adapting to new attacks, always writing new code," he said. "The fact that they have a lot of code makes them more at risk than other programs. I think that’s just the nature of the program."

Last month, researchers from the University of Wisconsin revealed a flaw in Snort version 2.4.3 that could be exploited in a DoS attack. The flaw was fixed in Snort version 2.6.1, according to Secunia.

Click here to email Online Editor Frank Washkuch Jr.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.