Check Point Advisories

Preemptive Protection against Sourcefire Intrusion Sensor and Snort DCE/RPC Preprocessor Buffer Overflow Vulnerability

Check Point Reference: CPAI-2007-037
Date Published: 29 Mar 2007
Severity: High
Last Updated: Monday 30 April, 2007
Source: SecurityTracker: 1017669
Industry Reference:CVE-2006-5276
Protection Provided by:
Who is Vulnerable? Snort version 2.6.1
Snort version 2.6.1.1
Snort version 2.6.1.2
Snort version 2.7 beta 1
Sourcefire Intrusion Sensor versions 4.1.x
Sourcefire Intrusion Sensor versions 4.5.x
Sourcefire Intrusion Sensor versions 4.6.x
Sourcefire Intrusion Sensor Software for Crossbeam versions 4.1.x
Sourcefire Intrusion Sensor Software for Crossbeam versions 4.5.x
Sourcefire Intrusion Sensor Software for Crossbeam versions 4.6.x
Vulnerability Description A buffer overflow vulnerability has been identified in Sourcefire Intrusion Sensor and in Snort DCE/RPC preprocessor. Sourcefire Snort is an open-source network intrusion detection system. Snort DCE/RPC preprocessor is a plug-in that reassembles fragmented SMB and DCE/RPC packets. A remote attacker can exploit the vulnerability to execute arbitrary code on a target system.
Update/Patch AvaliableUpgrade to Snort:
http://www.snort.org/dl/

Apply SEU 64 for Sourcefire Intrusion Sensor:
https://support.sourcefire.com/
Vulnerability DetailsThe vulnerability is due to a boundary error within the DCE/RPC preprocessor that fails to properly reassemble SMB Write AndX commands. A remote attacker could trigger this flaw via a specially crafted SMB packet. Successful exploitation may allow execution of arbitrary code on a system running Snort.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK