Published: 2007-02-20T05:21+00:00
Last Updated: 2007-03-10T11:13+00:00
TRTA07-050A
Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow
Overview
Sourcefire Snort is a widely-deployed, open-source network intrusion detection system (IDS). Snort and its components are used in other IDS products, notably Sourcefire, and Snort is included with a number of operating system distributions. The DCE/RPC preprocessor reassembles fragmented SMB and DCE/RPC traffic before passing data to the Snort rules.
Event Information
| Date (UTC) | Description |
| 2007-03-01 |
Bugtraq Snort/Sourcefire DCE/RPC Packet Reassembly Stack Buffer Overflow Vulnerability Snort DCE/RPC Preprocessor Buffer Overflow (Command Execution Version) Vulnerability Proof Of Concept (CVE-2006-5276) #Cid: 22616-Command-Exec.py #Tested: Snort 2.6.1 on Windows XP SP2 |
| 2007-02-23 |
Bugtraq Snort/Sourcefire DCE/RPC Packet Reassembly Stack Buffer Overflow Vulnerability Snort DCE/RPC Preprocessor Buffer Overflow (DoS) Vulnerability Proof Of Concept (CVE-2006-5276) #Cid: 22616.py #Tested: Snort 2.6.1 on Fedora Core 4 |
| 2007-02-19 22:54 |
US-CERT TA07-050A: Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow Via US-CERT Mailing List |
| 2007-02-19 18:29 |
SANS Internet Storm Center Sourcefire addresses Snort vulnerability The Sourcefire Vulnerability Research Team (VRT) today announced a vulnerability found in the DCE/RPC preprocessor in Snort and Sourcefire Intrusion Sensors. The DCE/RPC preprocessor is vulnerable to a stack-based buffer overflow that could potentially allow an attacker to execute code with the same privileges as the Snort binary. |
| 2007-02-19 15:20 |
US-CERT Vulnerability in Sourcefire Snort Preprocessor US-CERT is aware of a stack-based buffer overflow vulnerability in the Sourcefire Snort DCE/PRC preprocessor. Sourcefire Snort is an intrusion detection and prevention solution and is included with a variety of UNIX and Linux distributions. |
| 2007-02-19 |
Internet Security Systems Sourcefire Snort Remote Buffer Overflow |