Snort announced a vulnerability today in their SMB and DCE parser. Basically, while reassembling some SMB traffic, there was no bounds checking, and a simple stack overflow was possible.
From the changelog:
2007-02-16 Steven Sturges
* src/dynamic-preprocessors/Makefile.am:
* src/dynamic-preprocessors/dcerpc/smb_andx_decode.c:
* src/dynamic-preprocessors/dcerpc/dcerpc.c:
Add bounds checking to ReassembleSMBWriteX; use Safememcpy for calculated
length buffer copies.
Congrats to exploit ninja and my personal hero, Neel Mehta, for finding this.
Exploit and HEV should be available for customers in a few hours.
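The kind of fix the changelog describes (a bounds check before every copy whose length is calculated from packet data) looks roughly like this. This is an added example, not Snort's code: checked_memcpy, struct reasm, reasm_append and REASM_BUF_SIZE are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REASM_BUF_SIZE 64   /* constructed size for this example */

/* Copy n bytes only if [dst, dst+n) lies inside [start, end).
 * Returns 1 on success, 0 if the copy would leave the buffer. */
static int checked_memcpy(void *dst, const void *src, size_t n,
                          const void *start, const void *end)
{
    const uint8_t *d = dst, *s = start, *e = end;
    if (n == 0 || d < s || d >= e)
        return 0;
    if (n > (size_t)(e - d))   /* compare lengths; never compute d + n */
        return 0;
    memcpy(dst, src, n);
    return 1;
}

/* Hypothetical reassembly state: fragments accumulate in a fixed buffer. */
struct reasm {
    uint8_t buf[REASM_BUF_SIZE];
    size_t  used;
};

/* Append one fragment. frag_len is read from the packet, so it is untrusted;
 * avail is how many payload bytes were actually captured.
 * Returns 1 if stored, 0 if rejected (state is left unchanged). */
static int reasm_append(struct reasm *r, const uint8_t *frag,
                        uint16_t frag_len, size_t avail)
{
    if (frag_len > avail)      /* claimed length exceeds the real data */
        return 0;
    if (!checked_memcpy(r->buf + r->used, frag, frag_len,
                        r->buf, r->buf + sizeof r->buf))
        return 0;
    r->used += frag_len;
    return 1;
}

int main(void)
{
    struct reasm r = { .used = 0 };
    uint8_t frag[48] = { 0 };  /* constructed fragment */
    int first = reasm_append(&r, frag, 48, sizeof frag);   /* fits */
    int second = reasm_append(&r, frag, 48, sizeof frag);  /* 96 > 64 */
    return (first == 1 && second == 0) ? 0 : 1;
}
```

The check compares the requested length against the space remaining instead of adding the length to the destination pointer, so an oversized length cannot wrap around and slip past the test.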