Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Snort RPC preprocessor buffer overflow

Snort RPC preprocessor buffer overflow

by Mario Miri on April 9th, 2003 Snort RPC preprocessor is remotely vulnerable to buffer overflow attacks which may result in instruction execution with root privileges. This is due to a programming bug which exists in packet reassembly module (which is enabled by default).


Vulnerable:
Snort Project Snort 1.8
Snort Project Snort 1.8.1
Snort Project Snort 1.8.2
Snort Project Snort 1.8.3
Snort Project Snort 1.8.4
Snort Project Snort 1.8.5
Snort Project Snort 1.8.6
Snort Project Snort 1.8.7
Snort Project Snort 1.9


Solution:
Fix is available from the following location:
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/snort/snort/src/preprocessors/spp_rpc_decode.c
A suggested workaround is to disable the RPC preprocessor by editing snort.conf file.
MandrakeSoft has released patches.


Discovered by:
ISS X-Force


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »