Showing posts with label Snort. Show all posts

Monday, February 06, 2012

Some IDS comments

I saw this go across my Twitter feed:


 a.k.a Kamerazukleber 
Still missing in Snort: inclusion of HTTP response codes in alerts & appropriate prioritization.

Monday, February 19, 2007

Snort Remote RPC 0day

http://www.snort.org/docs/advisory-2007-02-19.html

Snort announced a vulnerability today in their SMB and DCE parser. Basically, while reassembling some SMB traffic, there was no bounds checking, so a simple stack overflow was possible.

From the changelog:

2007-02-16 Steven Sturges
* src/dynamic-preprocessors/Makefile.am:
* src/dynamic-preprocessors/dcerpc/smb_andx_decode.c:
* src/dynamic-preprocessors/dcerpc/dcerpc.c:
Add bounds checking to ReassembleSMBWriteX; use Safememcpy for calculated
length buffer copies.

Congrats to exploit ninja and my personal hero, Neel Mehta, for finding this.

Exploit and HEV should be available for customers in a few hours.
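
The changelog's fix pattern (bounds checking before a copy whose length is calculated from the packet) looks like this in general form. This is an added illustration, not Snort's code: `struct reasm`, `checked_copy`, `reasm_append` and the 64-byte buffer are hypothetical names and sizes chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REASM_MAX 64              /* constructed buffer size for the demo */

/* Hypothetical reassembly state: fragments are appended to buf. */
struct reasm {
    uint8_t buf[REASM_MAX];
    size_t  used;
};

/* Copy n bytes to dst only if [dst, dst+n) lies inside [start, end).
 * Returns 1 on success, 0 if the copy would leave the buffer.
 * Zero-length copies are rejected as malformed input. */
static int checked_copy(void *dst, const void *src, size_t n,
                        const void *start, const void *end)
{
    const uint8_t *d = dst, *s = start, *e = end;
    if (n == 0 || d < s || d >= e)
        return 0;
    if (n > (size_t)(e - d))      /* compare lengths; never form d + n */
        return 0;
    memcpy(dst, src, n);
    return 1;
}

/* Append one fragment whose length comes from the packet itself.
 * The unchecked form is memcpy(r->buf + r->used, data, len). */
int reasm_append(struct reasm *r, const uint8_t *data, size_t len)
{
    if (!checked_copy(r->buf + r->used, data, len,
                      r->buf, r->buf + sizeof r->buf))
        return 0;                 /* drop the fragment, state unchanged */
    r->used += len;
    return 1;
}

/* Constructed input: two 20-byte fragments fit; a third claiming
 * 40 bytes with only 24 left is refused. */
int demo(void)
{
    struct reasm r = { {0}, 0 };
    uint8_t frag[REASM_MAX] = {0};
    int ok1 = reasm_append(&r, frag, 20);
    int ok2 = reasm_append(&r, frag, 20);
    int ok3 = reasm_append(&r, frag, 40);
    return ok1 && ok2 && !ok3 && r.used == 40;
}

int main(void) { return demo() ? 0 : 1; }
```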