[Snort-users] Remote Vulnerability in Snort - Fix and Workaround Available

Hey everyone,

A vulnerability was found in PrintTcpOptions() function located in
snort-2.4.0/src/log.c that could allow an attacker to craft a malformed
TCP/IP packet and potentially cause a DoS in Snort. This vulnerability
is only present in the rare instances that Snort is run in verbose mode
(using the switch -v).

Details:
An attacker can exploit this vulnerability with malicious TCP traffic
containing a bad TCP SACK option causing the Snort engine to crash.
Restarting Snort will cause the engine to return to normal functionality.

Fix and Workaround Details:
A fix for this vulnerability was checked into the Snort 2.4 CVS tree on
August 23rd, 2005 and is available for download at
http://www.snort.org/pub-bin/snapshots.cgi. This fix will also be
included in the upcoming 2.4.1 release. Users who do not wish to upgrade
can simply choose not to run Snort in verbose mode to avoid being
vulnerable.

Questions? Let us know at snort-team@sourcefire.com.

Thanks,
Jennifer


--
Jennifer Steffens
Director, Product Management - Snort
Sourcefire, Inc


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users