Vulnerability reported in Snort intrusion prevention system
945 views 
Researchers from the University of Wisconsin in Madison have discovered a vulnerability in open-source intrusion prevention technology Snort which can be exploited to launch a DoS attack. Vulnerability tracking firm Secunia graded the flaw "less critical," according to an advisory released today. The rule-matching algorithm of Snort can be exploited remotely to run time-consuming operations that cannot be detected and can lead to a DoS condition, the advisory explained.
The bug was reported in version 2.4.3. Users are urged to update to the latest version. Snort is produced by Sourcefire, which announced in October it was going public after a plan to be acquired by Check Point fell through.
Snort Advisory
Here is the link to original advisory http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf
Snort BackTracking SlideShow
Exploit Released for VML Flaw
A fully working exploit for a high-risk vulnerability fixed by Microsoft two days ago has been put into limited release, prompting new "patch now" warnings from computer security experts. The exploit, which allows PC takeover attacks on Windows XP SP2, has been published to Immunity's partners program, which offers up-to-the minute information on new vulnerabilities and exploits to IDS (intrusion detection companies) and larger penetrating testing firms.
Immunity, based in Miami Beach, Fla., sells access to the partners program for around $40,000, according to founder Dave Aitel.
The company's exploit takes aim at a "critical" bug in the way VML (Vector Markup Language) is implemented in Windows. It has been successfully tested on Windows XP SP2 and
Windows 2000, with default installations of Internet Explorer 6.0.
"This is a fully working exploit, [it] will give you full access to do anything on the target machine," says Immunity researcher Kostya Kortchinsky.
Source : Yahoo News
Post new comment