RE: Snort RPC Vulnerability

From: Trey A Mujakporue <trey.trey(at)ntlworld.com>
Date: Mon Mar 03 2003 - 18:04:39 EST


Yes. A receive only cable does not protect you from an attacker whose sole motive is to take out whatever IDS you may have out there. For instance, we all rely on our IDS to alert us in the event of an attack or the symptoms of a coming attack. If an attacker managed to knock out your IDS you would probably be none the wiser to the forthcoming events.

Jmtpw.

Trey!

Sig://I was once attacked by a barrage of exploding guavas after spending the night in Borneo.. to escape I slept in the pouch of a large Marsupial, then sailed away in a Marzipan Canoe!

-----Original Message-----
From: netsecurity [mailto:netsecurity@duracompanies.com]
Sent: 03 March 2003 19:03
To: Jason V. Miller
Cc: Focus-IDS
Subject: Re: Snort RPC Vulnerability

If you are using a receive only cable does this still represent a vulnerability?

Allen Taylor



Network Security
Dura Builders
5740 Decatur Blvd.
Indianapolis, IN, 46241

(317) 821-1109 FAX

Monday, March 3, 2003, 1:20:51 PM, you wrote:

JVM> Anyone using Snort might want to have a look at the latest ISS 
JVM> Advisory. There is a vulnerability in Snort 1.8.0 - 1.9.0 in the 
JVM> RPC preprocessor, which may ultimately allow a remote attacker to 
JVM> execute arbitrary code on a vulnerable host.

JVM> Internet Security Systems Security Advisory
JVM> Snort RPC Preprocessing Vulnerability 
JVM> http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951
JVM> The Snort team has released a new version, 1.9.1, which contains 
JVM> fixes for this issue. Users not wishing to upgrade may disable the 
JVM> RPC preprocessor in their snort.conf configs.

JVM> Check out the Snort Web site:
JVM> http://www.snort.org/

JVM> Version 1.9.1, which contains fixes for this issue, is available
JVM> here: http://www.snort.org/dl/snort-1.9.1.tar.gz

JVM> Regards,

(C)opyright Dura Builders, ~2003~ Indianapolis, IN, All Rights Reserved



-
The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution
or copying of this communication is strictly prohibited. If you have
received this e-mail in error, contact netsecurity@duracompanies.com

-

Received on Mon Mar 3 18:09:29 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:10 EDT

