Snort Suffers from 'Trivially Exploitable' Hole

The popular Snort intrusion detection system has a vulnerability that opens systems to potential root exploits.

By Michael Hall | Posted Oct 20, 2005

A bit of functionality designed to detect a venerable Windows back door has prompted security researchers to warn of a potential root compromise in the Snort intrusion detection package.

According to an advisory released by Internet Security Systems (ISS), a vulnerability in Snort’s Back Orifice pre-processor opens the system running the software to remote attack and exploit. Back Orifice is a remote management tool that first surfaced in 1998, allowing users to control Windows systems. It has seen common use as a surreptitiously installed back door.

The firm said the vulnerability, triggerable with a single UDP packet, is "trivially exploitable."

The vulnerability can be easily mitigated by disabling the Back Orifice pre-processor, which is accomplished by commenting out the line "preprocessor bo" in the snort.conf configuration file.
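The mitigation above can be checked and applied with a short script. This is an added example, not part of the ISS advisory or the Snort distribution; the function names and the .bak backup suffix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a Snort config for an active
# Back Orifice preprocessor directive and comment it out.

# Matches an uncommented "preprocessor bo" line, with or without options
# after a colon or a trailing comment. Lines that are already commented out,
# and preprocessors whose names merely begin with "bo", do not match.
BO_RE='^[[:space:]]*preprocessor[[:space:]]+bo[[:space:]]*([#:].*)?$'

# Print "line-number:text" for each active directive.
# Exit status 0 if at least one is found, non-zero otherwise.
bo_active() {
    grep -nE "$BO_RE" "$1"
}

# Comment out every active directive in place, keeping the original
# as <file>.bak. Does nothing if the directive is not active.
disable_bo() {
    conf=$1
    bo_active "$conf" >/dev/null || return 0
    cp -p "$conf" "$conf.bak" || return 1
    # Write back through the existing file so ownership and mode are kept.
    sed -E "/$BO_RE/ s/^/# /" "$conf.bak" > "$conf"
}

# Usage when run as a script: ./check_bo.sh /path/to/snort.conf
if [ "$#" -eq 1 ]; then
    if bo_active "$1"; then
        echo "Back Orifice preprocessor is active in $1; commenting it out" >&2
        disable_bo "$1"
    else
        echo "no active 'preprocessor bo' directive in $1"
    fi
fi
```

The script inspects only the file it is given, so any files pulled in through include directives need the same check, and Snort must be restarted for the change to take effect.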

Security firm Secunia has rated the vulnerability "highly critical," and recommended users immediately update to Snort v2.4.3.

In addition to the basic Snort application, a number of software packages and applications that use the open source Snort software share the vulnerability.
