- Related Stories
-
Skype flaws open computers to attack
October 25, 2005 -
Exploit out for Zotob-like Windows flaw
October 21, 2005 -
Check Point's dollars catch Sourcefire
October 6, 2005
The exploit code, published to the Web by FrSirt on Tuesday, demonstrates how vulnerabilities in a Snort sensor designed to detect an exploit tool called Back Orifice can be subject to a buffer overflow attack. Back Orifice is used by remote intruders to take control of compromised systems.
Last week, security experts warned of flaws in systems running Snort 2.4.0 and higher. The vulnerabilities could allow an attacker to send a malicious packet through a network that is using Snort to guard against Back Orifice.
Available for free, Snort software is estimated to have more than 100,000 active users, according to figures from Sourcefire, the software's developer. Sourcefire has issued a patch, Snort version 2.4.3, to address the problem. Sourcefire also advised people to disable the Back Orifice preprocessor in Snort if they are running it on vulnerable versions of the software.
Meanwhile, a tool to guard against the exploit has also been developed by an incident handler at the Internet Storm Center, which tracks network threats.
See more CNET content tagged:
Snort, Back Orifice, Sourcefire Inc., exploit, flaw
