Snort announced a vulnerability today in their SMB and DCE parser. Basically while reassembling some SMB traffic there was no bounds checking and a simple stack overflow was possible.
From the changelog:
2007-02-16 Steven Sturges
Add bounds checking to ReassembleSMBWriteX; use Safememcpy for calculated
length buffer copies.
Congrats to exploit ninja and my personal hero, Neel Mehta, for finding this.
Exploit and HEV should be available for customers in a few hours.