A vulnerability in the Snort open-source intrusion detection software puts companies at serious risk, the researcher who discovered the bug said Wednesday. "The vulnerability is very easy to exploit, and potentially quite workable," said Neel Mehta, the team leader for Internet Security Systems' (IS) X-force research group, and the discoverer of the flaw.
The vulnerability is in Snort's preprocessor component used to detect an older, and essentially obsolete, Trojan, Back Orifice. A single UDP packet can trigger a stack-based overflow, allowing an attacker to fully compromise a system or appliance running Snort or Sourcefire, which also uses the Snort code, said Mehta. Snort is an open-source intrusion detection system (IDS) used by more than 100,000 companies and government agencies to defend networks, according to its developer, Sourcefire. The Snort code is also tucked inside at least 45 commercially-sold IDS appliances.
View: The full story
News source: CRN
-1 Comments - Add comment