Snort Bug Exploit Shows Up
The good news: any problems will likely be short-lived, and a patch is available.
A working exploit for last week's Snort vulnerability has been released, a security vendor said Wednesday, but any attack should be short-lived and probably feeble.
The vulnerability in Snort, an open-source intrusion detection system (IDS) used by more than 100,000 companies and government agencies to defend networks, was unveiled last Wednesday, and simultaneously patched. Because Snort's ubiquitous in enterprises -- and used in nearly four dozen commercial IDS products -- experts cautioned companies to patch as soon as possible, because and exploit might spread very quickly, and resemble some of the worst worms ever, including 2003's Slammer.
- A Smarter Approach: Inside IBM Business Analytics Solutions for Mid-Size Businesses
- Managing Threats in the Digital Age
According to a bulletin issued by Symantec, an exploit targeting Snort running on Linux with the 2.6 kernel has been published by The Hacker's Choice (THC); Symantec's research team has also confirmed that the exploit works.
Not all is doom and gloom, however.
"The return addresses used by the exploit will probably only bind the shell on a limited number of systems; causing a denial of service condition on others," read Symantec's warning.
"It required system specific return addresses to be supplied to successfully exploit the vulnerability," Symantec said.