Info

Disclosure

Mar 03, 2003

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Snort contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to a flaw in the Remote Procedure Call (RPC) preprocessor. If an attacker sends fragmented RPC traffic to a system running Snort, they may be able to overflow the buffer and crash the IDS or execute arbitrary code with the same privileges as the IDS.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Solution: Workaround, Upgrade
Exploit: Exploit Rumored
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Security Software

Solution

Upgrade to version 2.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: disable the rpc_decode preprocessor edit snort.conf, replace any lines that begin with "preprocessor rpc_decode" with "preprocessor rpc_decode"

Products

Sourcefire, Inc.	Snort	1.8.x
		1.9.0
		2.0beta

References

ISS X-Force ID: 10956
CVE ID: 2003-0033 (see also: NVD)
Bugtraq ID: 6963
CERT VU: 916785
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-03/0044.html
Other Advisory URL: http://cert.uni-stuttgart.de/archive/bugtraq/2003/03/msg00123.html
http://cert.uni-stuttgart.de/archive/bugtraq/2003/04/msg00084.html
http://cert.uni-stuttgart.de/archive/bugtraq/2003/04/msg00266.html
http://seclists.org/lists/fulldisclosure/2003/Apr/0470.html
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951
http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html

Credit

ISS X-Force Research - xforceiss.net - Internet Security Systems

Direct URL: http://osvdb.org/4418

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Sourcefire, Inc.

Snort

References

Credit