By Gregg Keizer
Oct. 26, 2005
A working exploit for last week's Snort vulnerability has been
released, a security vendor said Wednesday, but any attack should be
short-lived and probably feeble.
The vulnerability in Snort, an open-source intrusion detection system
(IDS) used by more than 100,000 companies and government agencies to
defend networks, was unveiled last Wednesday, and simultaneously
patched. Because Snort's ubiquitous in enterprises -- and used in
nearly four dozen commercial IDS products -- experts cautioned
companies to patch as soon as possible, because and exploit might
spread very quickly, and resemble some of the worst worms ever,
including 2003's Slammer.
According to a bulletin issued by Symantec, an exploit targeting Snort
running on Linux with the 2.6 kernel has been published by The
Hacker's Choice (THC); Symantec's research team has also confirmed
that the exploit works.
Not all is doom and gloom, however.
"The return addresses used by the exploit will probably only bind the
shell on a limited number of systems; causing a denial of service
condition on others," read Symantec's warning.
"It required system specific return addresses to be supplied to
successfully exploit the vulnerability," Symantec said.
InfoSec News v2.0 - Coming Soon!