Snort intrusion detection system - one patch and one new vulnerability
Since the release of version 2.6.1, the intrusion detection software Snort no longer suffers from a vulnerability going under the snappy name of Rule Matching Backtrack Denial of Service (PDF). A news item from the Snort developers advises Snort administrators to take the opportunity to update their installations to version 126.96.36.199.
Administrators who do so, however, will find themselves landed with a new problem, according to security specialists Calyptix. According to Calyptix, an integer underflow in the implementation of the Generic Routing Encapsulation protocol (GRE) could create the possibility for a remote attacker to cause Snort to read beyond a memory area, which could corrupt log files. The CVS repository of the commercial version of Snort from Sourcefire should already contain a patch which fixes this vulnerability, which it classifies as low risk.
- Download the latest version of Snort