Snort intrusion detection system - one patch and one new vulnerability
Since the release of version 2.6.1, the intrusion detection software Snort no longer suffers from a vulnerability going under the snappy name of Rule Matching Backtrack Denial of Service (PDF). A news item from the Snort developers advises Snort administrators to take the opportunity to update their installations to version 2.6.1.2.
Administrators who do so, however, will find themselves landed with a new problem, according to security specialists Calyptix. According to Calyptix, an integer underflow in the implementation of the Generic Routing Encapsulation protocol (GRE) could create the possibility for a remote attacker to cause Snort to read beyond a memory area, which could corrupt log files. The CVS repository of the commercial version of Snort from Sourcefire should already contain a patch which fixes this vulnerability, which it classifies as low risk.
See also:
- Download the latest version of Snort
(ehe)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
