Sourcefire has urged users of its popular Snort intrusion-prevention technology to upgrade to a newer version of the product to fix a recently discovered vulnerability.
The Columbia, Md. firm alerted users to a flaw in Snort’s DCE/RPC processor, which is vulnerable to stack-based buffer overflow attacks.
The vulnerability affects Snort versions 2.6.1, 18.104.22.168 and 22.214.171.124, Snort 2.7.0 beta 1 and Sourcefire commercial products, according to the company advisory.
The firm urged Snort 2.6.1.x users to upgrade to version 126.96.36.199 immediately.
The issue in Snort 2.7 beta 1 will be fixed in Snort 2.7 beta 2. Until its release, beta users have been advised to disable the DEC/RPC processor.
Secunia ranked the buffer overflow flaw as "highly critical," meaning it’s remotely exploitable without user interaction.
Mehta told SCMagazine.com today that Snort is more prone to vulnerabilities because of how often Sourcefire updates the program. He also praised the company for a quick response to the flaw.
"It’s a relatively quickly changing product – they’re always adapting to new attacks, always writing new code," he said. "The fact that they have a lot of code makes them more at risk than other programs. I think that’s just the nature of the program."
Last month, researchers from the University of Wisconsin revealed a flaw in Snort version 2.4.3 that could be exploited in a DoS attack. The flaw was fixed in Snort version 2.6.1, according to Secunia.
Click here to email Online Editor Frank Washkuch Jr.