RealNews

Snort vulnerability exposed

The discovery and disclosure of a serious vulnerability in the Sendmail e-mail software by Atlanta based security giant Internet Security Systems (ISS) is starving another vulnerability of the attention it deserves. ISS have also disclosed a buffer overflow vulnerability in Snort, a widely used open-source Intrusion Detection System. “Remote attackers may exploit the buffer overflow condition to run arbitrary code on a Snort sensor with the privileges of the Snort IDS process,” the advisory said. Snort is a network based intrusion detection system (IDS) which is used for sniffing data on a network and comparing it to known attack signatures. Snort logs any suspicious activity that it detects, allowing system administrators to respond to attacks or use collected data in forensic applications. By sending specially formed “fragmented RPC” data across a network monitored by a snort sensor, it is possible to compromise it. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.