Snort RPC Vulnerability (fwd)
From: Dave Ahmad (daat_private)
Date: Mon Mar 03 2003 - 12:08:57 PST
Next message: l33t guy: "[blaqhatz] - Pastel Accounting application security issues"
David Mirza Ahmad
Symantec
"sabbe dhamma anatta"
0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
attached mail follows:
Anyone using Snort might want to have a look at the latest ISS Advisory. There
is a vulnerability in Snort 1.8.0 - 1.9.0 in the RPC preprocessor, which may
ultimately allow a remote attacker to execute arbitrary code on a vulnerable
host.
Internet Security Systems Security Advisory
Snort RPC Preprocessing Vulnerability
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951
The Snort team has released a new version, 1.9.1, which contains fixes for this
issue. Users not wishing to upgrade may disable the RPC preprocessor in their
snort.conf configs.
Check out the Snort Web site:
http://www.snort.org/
Version 1.9.1, which contains fixes for this issue, is available here:
http://www.snort.org/dl/snort-1.9.1.tar.gz
Regards,
--
Jason V. Miller, Threat Analyst
Symantec, Inc. - www.symantec.com
E-Mail: jmillerat_private
-----------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30
: Mon Mar 03 2003 - 12:21:24 PST