
[Snort-users] [greg.morris@sourcefire.com: Snort Mitigation and Patch Notification]

From: Karl A. Krueger <kkrueger(at)whoi.edu>
Date: Mon Mar 03 2003 - 12:19:29 EST


A sales representative at Sourcefire, whom I asked some months ago to cease contacting me, today sent me unsolicited commercial email (spam). The odd thing about this spam is that it alleged an (as yet) undisclosed vulnerability in Snort's RPC decoding routines. Is it conventional for vendor sales representatives to use undisclosed vulnerability notices as a "teaser" in unsolicited commercial email? This strikes me as rather problematic. Thoughts?

(Why pass this along ahead of the listed 1PM EST timeline? I don't like being spammed.)

----- Forwarded message from Greg Morris <greg.morris@sourcefire.com> -----

From: "Greg Morris" <greg.morris@sourcefire.com>
To: kkrueger@whoi.edu
Subject: Snort Mitigation and Patch Notification
Organization: Sourcefire

   Karl,

   Wanted to give you a heads up about an incident we discovered. It involves Snort. While we are only notifying our Sourcefire customers initially, I thought it important to notify you, since I know you run Snort. Call me to discuss (XXX) XXX-XXXX. The mitigation for SNORT only (non-Sourcefire user) is at the bottom of this email.

   Greg

   Subject: Sourcefire IMS Mitigation and Patch Notification

   Sourcefire would like to give our customers and partners notification that the Sourcefire Vulnerability Research Team has learned of a vulnerability in the Sourcefire Network Sensor product line. A full advisory and instructions for downloading a patch will be sent out at 1:00PM EST this afternoon.

[REDACTED]
   Mitigation:

   Disabling the RPC preprocessor will make the Sourcefire Network Sensor invulnerable to the attack.

[REDACTED]
   The mitigation instructions for Snort sensors are as follows:

   comment out the line in your snort.conf that begins:

       preprocessor rpc_decode

   and replace it with

       # preprocessor rpc_decode

   Greg Morris
   Sourcefire Network Security
   Director, Northeast Region Sales
   Mobile - (516) 769-2298
   www.sourcefire.com

----- End forwarded message -----
-- 
Karl A. Krueger 
Network Security -- Linux/Unix Systems Support -- Etc.
Woods Hole Oceanographic Institution
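
The snort.conf mitigation quoted in the forwarded message, as an added shell example (not part of the original email and not Snort or Sourcefire code): it comments out any active `preprocessor rpc_decode` line, keeps a backup, and verifies that no active line remains. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: apply and verify the rpc_decode mitigation on a snort.conf.
# Function names and the sample config are assumptions made for illustration.

# Print every still-active (uncommented) rpc_decode preprocessor line.
active_rpc_decode() {
    grep -nE '^[[:space:]]*preprocessor[[:space:]]+rpc_decode([[:space:]:]|$)' "$1"
}

# Comment out active rpc_decode lines, keeping a backup; safe to re-run.
disable_rpc_decode() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    if ! active_rpc_decode "$conf" >/dev/null; then
        echo "$conf: rpc_decode already disabled"
        return 0
    fi
    cp -p "$conf" "$conf.bak" || return 2
    # Preserve indentation and arguments; only prefix the directive with '# '.
    sed -E 's/^([[:space:]]*)(preprocessor[[:space:]]+rpc_decode([[:space:]:]|$))/\1# \2/' \
        "$conf.bak" > "$conf" || return 2
    # Verify: fail loudly if any active line survived the edit.
    if active_rpc_decode "$conf" >/dev/null; then
        echo "$conf: rpc_decode still active" >&2
        return 1
    fi
    echo "$conf: rpc_decode commented out (backup: $conf.bak)"
}

# Constructed sample config for a dry run on a scratch file.
make_sample_conf() {
    cat > "$1" <<'EOF'
var HOME_NET any
preprocessor frag2
  preprocessor rpc_decode: 111 32771
preprocessor stream4: detect_scans
EOF
}

# Usage: sh this_script.sh /path/to/snort.conf
if [ $# -gt 0 ]; then
    disable_rpc_decode "$1"
fi
```

Snort reads its configuration at startup, so the sensor has to be restarted for the change to take effect.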



Received on Mon Mar 3 13:12:13 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:11:46 EDT
