Author: JT Smith
ISS, which markets a commercial IDS product named RealSecure, stated that Snort’s default configuration does not have the ability to restart when it crashes and requires a separate script or process monitor for such functionality.
The flaw in Snort was originally reported by a user named Sinbad Jan. 10 on the Bugtraq security mailing list, along with instructions on how to cause the software to crash and exit.
Martin Roesch, Snort’s developer, was not immediately available for comment.
A message posted Monday by Roesch to a mailing list for Snort users noted that the denial of service attack is only successful on Linux-based Snort installations that have a feature called ASCII payload dump enabled.
“I think someone at ISS is putting together some marketing (fear, uncertainty, and doubt),” wrote Roesch, who also pointed out that instructions on how to patch the program were posted to both the Bugtraq and Snort lists on Jan. 10.
After one Snort user responded that the software’s download site contained no mention of the security vulnerability, a message was posted today on the front page of http://www.snort.org with a link to the Bugtraq post.
According to the Snort Web site, Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. The software is available for Unix, Macintosh, and Windows platforms.
The Snort site is at http://www.snort.org .
The Bugtraq report is at http://www.securityfocus.com/archive/1/249340 .
The ISS alert is online at http://xforce.iss.net/static/7874.php .
Article by www.linux-box.org”
Category:
- Linux
