SYS-CON.TV Webcasts
Jackbe: The Big A(architecture in AJAX)
Instantiations: Eclipse Rich Internet Platform with Taylor and Milinkovich
Yahoo!: Applying AJAX to Speed User's Journey
Enerjy Webcast: Java Code Quality Management
App Server Shoot-out: Microsoft, IBM, JBoss, Sun, BEA, and Oracle
Comments
By Roger Strukhoff
Richard Davies wrote: The UK has a good crop of technology pioneers in cloud computing - for example ElasticHosts, FlexiScale, Flexiant, OnApp - and also some strong government initiatives such as G-Cloud. We will have to see whether this kind of technical leadership converts into swift mass-market adoption or not.
Jan. 8, 2012 11:38 AM EST
Cloud Expo on Google News
Did you read today's front page stories & breaking news?

SYS-CON.TV: Cynergy Announcing RIA Development for Silverlight

2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
SYS-CON.TV
Top Links You Must Click On


Open Source
ISS reports Snort vulnerability
Buffer-overflow vulnerability found in Snort's RPC-fragmentation code

By: Paul Roberts
Mar. 4, 2003 12:00 AM

(IDG News Service) — A software vulnerability in the widely used Snort open-source intrusion detection system (IDS) software could allow an attacker to crash the Snort sensor or gain control of the host device on which the sensor runs.

Snort serves as the basis for commercial IDS products such as those produced by Sourcefire Inc. and can be used to detect a wide range of network attacks and probes, such as attempted buffer overflows and port scans.

A buffer overflow vulnerability was found in code used by Snort to detect an attack technique called RPC (remote procedure call) fragmentation. RPC fragmentation can be used to evade intrusion detection systems, according to an advisory reported Monday by security vendor Internet Security Systems Inc. (ISS).

RPC is a protocol that one software program can use to request a service from a program located in another computer in a network.

Snort does not properly check the size of the RPC fragments it is processing against the available space in the preprocessing buffer. Sending data to the buffer in excess of its capacity causes the buffer to overflow. Buffer overflows may cause the Snort sensor to crash or enable an attacker to place and execute malicious code on the compromised host, ISS said.

To exploit the vulnerability, attackers would need to craft RPC traffic to specifically exploit the buffer overflow. Attackers would not, however, need to know the address of the Snort sensor they are targeting. Simply sending exploit packets to a network that is protected by a Snort sensor is sufficient to launch an attack, ISS said.

Because Snort sensors and other IDS products typically guard against intrusion into critical networks, the compromise of a Snort sensor could lead to highly sensitive network traffic being accessible to remote attackers. That traffic could, in turn, yield information needed to compromise internal network resources, according to ISS.

All versions of Snort since version 1.8, released in July 2001, are affected by the RPC vulnerability, ISS said. A new version of the Snort software that fixes the RPC vulnerability, version 1.9.1, was available on the Snort Web page as of Tuesday.

ISS recommended that Snort users consult the Snort Web page at http://www.snort.org/ and upgrade their source implementation using patches or software upgrades available there.

Users who are unable to upgrade their Snort installation should disable the RPC preprocessor until they can upgrade, ISS said.

Published Mar. 4, 2003— Reads 7,391
Copyright © 2003 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
About Paul Roberts
Paul Roberts is a Boston correspondent for the IDG News Service, a Linux.SYS-CON.com affiliate.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Enterprise Open Source Magazine Latest Stories . . .
By Maureen O'Gara
Apache Deltacloud, the Red Hat-contributed ReSTful API that abstracts differences between clouds so services on any cloud can be managed – provided of course there’s a driver – has graduated from the Apache Foundation’s incubator and is now a full-fledged Top-Level Project (TLP). The...
By Jeremy Geelan
With Cloud Expo 2012 New York (10th Cloud Expo) just four months away, what better time to start introducing you in greater detail to the distinguished individuals in our incredible Speaker Faculty for the technical and strategy sessions at the conference... We have technical and st...
By Maureen O'Gara
AMD said late Tuesday that its chief sales officer Emilio Ghilardi had left the company and that CEO and president Rory Read is going to do his job while a replacement is sought. AMD didn’t say why Ghilardi left but it’s assumed Read wants his own people. Read is relatively new to th...
By Hovhannes Avoyan
During the lifespan of M3 (Monitis Monitor Manager) there has always been something lacking – timers. M3 execution procedure was outlined in this previous article. The execution mentioned in the latter was a one-time-execution, whereas server monitoring requires periodic invocati...
By Maureen O'Gara
Red Hat is putting its bought-in Gluster scale-out NAS storage technology, acquired in October, on the Amazon cloud. It’s styled Red Hat Virtual Storage Appliance for Amazon Web Services and other clouds are supposed to follow in short order.
By Ignacio M. Llorente
A new episode of the screencast series is now available at the OpenNebula YouTube Channel. This screencast demonstrates the new easily-customizable self-service portal for cloud consumers. Its aim is to offer a simplified access to shared infrastructure for non-IT end users. The scree...
MORE »
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021

SYS-CON Featured Whitepapers
Most Read This Week
By Jeremy Geelan
By Bob Hockman
By Brian McCallion
By Steven Yaskin
By Jeremy Geelan
By Jeremy Geelan
By Udayan Banerjee
By Jeremy Hess
By Udayan Banerjee
By Maureen O'Gara
By Liz McMillan
By Hollis Tibbetts
ADS BY GOOGLE