A week ago, Neel Mehta from IBM Internet Security Systems X-Force has reported a vulnerability in Snort, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error within the DCE/RPC preprocessor when reassembling SMB Write AndX requests. This can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent over a network that is monitored by Snort .
Successful exploitation allows execution of arbitrary code.
The vulnerability reportedly affects the following versions:
- Snort 2.6.1, 220.127.116.11, and 18.104.22.168
- Snort 2.7.0 beta 1
Solution is to update to version 22.214.171.124. The vendor recommends that beta users disable the DCE/RPC preprocessor.