http://www.informationweek.com/story/showArticle.jhtml?articleID=172900617

By Gregg Keizer
TechWeb News
Oct. 26, 2005

A working exploit for last week's Snort vulnerability has been released, a security vendor said Wednesday, but any attack should be short-lived and probably feeble.

The vulnerability in Snort, an open-source intrusion detection system (IDS) used by more than 100,000 companies and government agencies to defend networks, was unveiled last Wednesday, and simultaneously patched.

Because Snort's ubiquitous in enterprises -- and used in nearly four dozen commercial IDS products -- experts cautioned companies to patch as soon as possible, because an exploit might spread very quickly, and resemble some of the worst worms ever, including 2003's Slammer.

According to a bulletin issued by Symantec, an exploit targeting Snort running on Linux with the 2.6 kernel has been published by The Hacker's Choice (THC); Symantec's research team has also confirmed that the exploit works.

Not all is doom and gloom, however.

"The return addresses used by the exploit will probably only bind the shell on a limited number of systems; causing a denial of service condition on others," read Symantec's warning.

"It required system specific return addresses to be supplied to successfully exploit the vulnerability," Symantec said.