Snort Suffers from 'Trivially Exploitable' Hole

The popular Snort intrusion detection system has a vulnerability that opens systems to potential root exploits.

 By Michael Hall | Posted Oct 20, 2005
Page of   |  Back to Page 1
Print Article

A bit of functionality designed to detect a venerable Windows back door has prompted security researchers to warn of a potential root compromise in the Snort intrusion detection package.

According to an advisory released by Internet Security Systems (ISS), a vulnerability in Snort’s Back Orifice pre-processor opens the system running the software to remote attack and exploit. Back Orifice is a remote management tool that first surfaced in 1998, allowing users to control Windows systems. It has seen common use as a surreptitiously installed back door.

The firm said the vulnerability, triggerable with a single UDP packet, is "trivially exploitable."

The vulnerability can be easily mitigated by disabling the Back Orifice pre-processor, which is accomplished by commenting out the line preprocessor bo in the snort.conf configuration file.

Security firm Secunia has rated the vulnerability "highly critical," and recommended users immediately update to Snort v2.4.3.

In addition to the basic Snort application, a number of software packages and applications that use the open source Snort software share the vulnerability.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter

By submitting your information, you agree that enterprisenetworkingplanet.com may send you ENTERPRISENetworkingPLANET offers via email, phone and text message, as well as email offers about other products and services that ENTERPRISENetworkingPLANET believes may be of interest to you. ENTERPRISENetworkingPLANET will process your information in accordance with the Quinstreet Privacy Policy.