Sourcefire urges update to fix Snort flaw

Sourcefire has urged users of its popular Snort intrusion-prevention technology to upgrade to a newer version of the product to fix a recently discovered vulnerability.

The US firm alerted users to a flaw in Snort’s DCE/RPC processor, which is vulnerable to stack-based buffer overflow attacks.

Sourcefire has released updates to fix problem, and has not received reports of exploitation, according to the advisory.

The vulnerability affects Snort versions 2.6.1, 2.6.1.1 and 2.6.1.2, Snort 2.7.0 beta 1 and Sourcefire commercial products, according to the company recommendation.

The firm urged Snort 2.6.1.x users to upgrade to version 2.6.1.3 immediately.

The issue in Snort 2.7 beta 1 will be fixed in Snort 2.7 beta 2. Until its release, beta users have been advised to disable the DEC/RPC processor.

Secunia ranked the buffer overflow flaw as "highly critical," meaning it’s remotely exploitable without user interaction.
The flaw, CVE-2006-5276 in the Common Vulnerabilities and Exposures listing, was discovered by Neel Mehta, team lead of the X-Force Advanced Research Group at IBM Internet Security Systems.

Mehta told SCMagazine.com today that Snort is more prone to vulnerabilities because of how often Sourcefire updates the program. He also praised the company for a quick response to the flaw.

"It’s a relatively quickly changing product – they’re always adapting to new attacks, always writing new code," he said. "The fact that they have a lot of code makes them more at risk than other programs. I think that’s just the nature of the program."

Sign up to our newsletters