Snort, the open-source intrusion-detection software, is vulnerable to hackers, its developers said this week.
Snort's popularity has grown as many businesses have been tempted away from expensive proprietary intrusion-detection systems. Advocates of Snort argue that it is more secure than products created by network gear makers such as Cisco Systems because its code is open for developers to both find and fix flaws.
But on Monday, Sourcefire, the company behind Snort, said that hackers could potentially execute malicious code on a system running Snort and gain access to confidential data.
Reporting the weakness, an Internet Security Systems report said: "Snort IDS and Sourcefire Intrusion Sensor (intrusion-detection/prevention system) are vulnerable to a stack-based buffer overflow, which can result in remote code execution?Compromise of machines using affected versions of Snort or Sourcefire may lead to exposure of confidential information, loss of productivity and further compromise. Successful exploitation of this vulnerability results in remote code execution with the privilege level of Snort, usually root or system."
Internet Security Systems said the following products are affected: Snort 2.6.1, 2.6.1.1, and 2.6.1.2; Snort 2.7.0 beta 1; Sourcefire Intrusion Sensors versions 4.1.x, 4.5.x, and 4.6.x with SEUs prior to SEU 64; Sourcefire Intrusion Sensor Software for Crossbeam versions 4.1.x, 4.5.x and 4.6.x with SEUs prior to SEU 64
Those using version 2.6.1, 2.6.1.1 or 2.6.1.2 should upgrade to 2.6.1.3, which is not vulnerable, Snort said. Users of version 2.7 should disable the DCE/RPC preprocessor, the program that contains the vulnerability. Version 2.7 is currently in beta, and the issue will be resolved in a second beta version, Snort said.
Richard Thurston of ZDNet UK reported from London.
What a hoot! All the technology in the world won't make your network safe as long as everyone continues to "react" to all the known threats. Go ahead and spend tons of money on Sourcefire or any other type of technology, put it in a closet and believe that you're secure. The simplest and most innocuous stuff is what topples the smartest and cockiest among the IT gods. A small stone took Goliath's arse and so too today the small non-rule-based crap is what fouls up all the brilliant technology as well as all the sycophantic believers that think it will do their jobs for them....Suckersssssss...... Ahem...Sorry about the hubris.
The two telecom carriers will carry a next-generation iPad running on the fast, next-generation wireless technology, sources tell The Wall Street Journal.
Google creates an animated doodle that features a boy, a girl, Google's search engine, and a jump rope. But might there be darker, more analytical, more troubling interpretations to this tale?
The Silicon Valley online payments startup grew by 1,000 percent last year and is hopeful it can repeat that level of growth this year. To do that, it's had to move away from its early friends-and-family roots and embrace small businesses.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
