[29136] in bugtraq
Snort RPC Vulnerability (fwd)
daemon@ATHENA.MIT.EDU (Dave Ahmad)
Mon Mar 3 15:37:47 2003
Date: Mon, 3 Mar 2003 13:08:57 -0700 (MST)
From: Dave Ahmad <da@securityfocus.com>
To: bugtraq@securityfocus.com
Message-ID: <Pine.LNX.4.43.0303031308540.19915-110000@mail.securityfocus.com>
David Mirza Ahmad
Symantec
"sabbe dhamma anatta"
0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
Date: Mon, 3 Mar 2003 11:20:51 -0700
From: "Jason V. Miller" <jmiller@securityfocus.com>
To: Focus-IDS <focus-ids@securityfocus.com>
Subject: Snort RPC Vulnerability
Message-ID: <20030303182051.GE19260@securityfocus.com>

Anyone using Snort might want to have a look at the latest ISS Advisory. There
is a vulnerability in Snort 1.8.0 - 1.9.0 in the RPC preprocessor, which may
ultimately allow a remote attacker to execute arbitrary code on a vulnerable
host.

Internet Security Systems Security Advisory
Snort RPC Preprocessing Vulnerability
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951

The Snort team has released a new version, 1.9.1, which contains fixes for this
issue. Users not wishing to upgrade may disable the RPC preprocessor in their
snort.conf configs.

Check out the Snort Web site:
http://www.snort.org/

Version 1.9.1, which contains fixes for this issue, is available here:
http://www.snort.org/dl/snort-1.9.1.tar.gz

Regards,
--
Jason V. Miller, Threat Analyst
Symantec, Inc. - www.symantec.com
E-Mail: jmiller@securityfocus.com
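
The workaround mentioned in the message above (disabling the RPC preprocessor in snort.conf), as an added example that is not part of the original post or of the Snort project. It assumes the preprocessor is enabled by a `preprocessor rpc_decode` directive, as in the stock snort.conf; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the RPC preprocessor is switched on by a
# "preprocessor rpc_decode" directive, as in the stock snort.conf.

# Print "lineno:text" for every active (uncommented) rpc_decode directive.
# Exit status is 0 if at least one is found, 1 if none.
rpc_decode_active() {
    grep -nE '^[[:space:]]*preprocessor[[:space:]]+rpc_decode([[:space:]:]|$)' "$1"
}

# Write a copy of config $1 to $2 with active rpc_decode directives commented out.
# Other preprocessors and already-commented lines are left untouched.
rpc_decode_disable() {
    sed -E 's/^([[:space:]]*)(preprocessor[[:space:]]+rpc_decode([[:space:]:].*)?)$/\1# disabled (RPC preprocessing advisory): \2/' "$1" > "$2"
}

# Constructed sample config (not taken from any real deployment).
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample snort.conf fragment
preprocessor frag2
preprocessor stream4: detect_scans
  preprocessor rpc_decode: 111 32771
# preprocessor rpc_decode: 111
preprocessor telnet_decode
EOF
}

# Audit the file given as $1, or the constructed sample when run without arguments.
conf=${1:-}
if [ -z "$conf" ]; then
    conf=$(mktemp)
    make_sample_conf "$conf"
fi
echo "Active RPC preprocessor directives in $conf:"
rpc_decode_active "$conf" || echo "  none"
rpc_decode_disable "$conf" "$conf.norpc"
echo "Copy with the RPC preprocessor disabled: $conf.norpc"
```

Review the generated copy before swapping it in, then restart Snort so the change takes effect.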