In association with heise online

« previous | next »
15 January 2007, 13:14

Snort intrusion detection system - one patch and one new vulnerability

Since the release of version 2.6.1, the intrusion detection software Snort no longer suffers from a vulnerability going under the snappy name of Rule Matching Backtrack Denial of Service (PDF). A news item from the Snort developers advises Snort administrators to take the opportunity to update their installations to version 2.6.1.2.

Administrators who do so, however, will find themselves landed with a new problem, according to security specialists Calyptix. According to Calyptix, an integer underflow in the implementation of the Generic Routing Encapsulation protocol (GRE) could create the possibility for a remote attacker to cause Snort to read beyond a memory area, which could corrupt log files. The CVS repository of the commercial version of Snort from Sourcefire should already contain a patch which fixes this vulnerability, which it classifies as low risk.

See also:

(ehe)

« previous | next »
Print Version | Send by email | Permalink: http://h-online.com/-732118

Also on The H:

  • Share this article
  • Twitter
  • Facebook
  • digg this
  • submit to slashdot
  • post to delicious
  • StumbleUpon
  • submit to reddit
The H Open Headlines

Price Insight Top 10 powered by Skinflint

  1. Samsung SSD 830 Series 128GB
  2. Samsung SSD 830 Series 256GB
  3. Samsung SSD 830 Series Desktop Upgrade Kit 256GB
  4. Intel Core i5-3570K
  5. Samsung Galaxy S3 i9300 16GB blau
  6. Gigabyte GeForce GTX 670 OC
  7. Crucial m4 SSD 128GB
  8. Diablo 3 (deutsch)
  9. Palit GeForce GTX 670
  10. Samsung Galaxy Nexus i9250 16GB silber

The H

The H open source

The H Security

The H Internet Toolkit