Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow
http://jvnrss.ise.chuo-u.ac.jp/jtg/trn/en/TRTA07-050A.html
JVNRSS based Status Tracking Notes: Sourcefire Snort is a widely-deployed, open-source network intrusion detection system (IDS). Snort and its components are used in other IDS products, notably Sourcefire, and Snort is included with a number of operating system distributions. The DCE/RPC preprocessor reassembles fragmented SMB and DCE/RPC traffic before passing data to the Snort rules.JVNRSS Feasibility Study Teamjvn@jvn.jpTRTA07-050A2007-03-10T11:13+00:002007-02-20T05:21+00:002007-03-10T11:13+00:00Snort/Sourcefire DCE/RPC Packet Reassembly Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid
Snort DCE/RPC Preprocessor Buffer Overflow (Command Execution Version)
Vulnerability Proof Of Concept (CVE-2006-5276)
#Cid: 22616-Command-Exec.py
#Tested: Snort 2.6.1 on Windows XP SP2
Bugtraqhttp://www.us-cert.gov/cas/techalerts/TA07-050A.htmlhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-52762007-03-012007-03-012007-03-01Snort/Sourcefire DCE/RPC Packet Reassembly Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid
Snort DCE/RPC Preprocessor Buffer Overflow (DoS)
Vulnerability Proof Of Concept (CVE-2006-5276)
#Cid: 22616.py
#Tested: Snort 2.6.1 on Fedora Core 4
Bugtraqhttp://www.us-cert.gov/cas/techalerts/TA07-050A.htmlhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-52762007-02-232007-02-232007-02-23Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow
http://www.us-cert.gov/cas/techalerts/TA07-050A.html
Via US-CERT Mailing List
US-CERTTA07-050Ahttp://www.us-cert.gov/cas/techalerts/TA07-050A.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276http://www.kb.cert.org/vuls/id/1962402007-02-19T17:54-05:002007-02-19T17:54-05:002007-02-19T17:54-05:00Sourcefire addresses Snort vulnerability
http://isc.sans.org/diary.html?storyid=2280
The Sourcefire Vulnerability Research Team (VRT) today announced a vulnerability found in the DCE/RPC preprocessor in Snort and Sourcefire Intrusion Sensors. The DCE/RPC preprocessor is vulnerable to a stack-based buffer overflow that could potentially allow an attacker to execute code with the same privileges as the Snort binary.
SANS Internet Storm Centerhttp://www.us-cert.gov/cas/techalerts/TA07-050A.html2007-02-19T18:29+00:002007-02-19T18:29+00:002007-02-19T18:29+00:00Vulnerability in Sourcefire Snort Preprocessor
http://www.us-cert.gov/current/archive/2007/02/19/archive.html#snrtfrgpkt
US-CERT is aware of a stack-based buffer overflow vulnerability in the Sourcefire Snort DCE/PRC preprocessor. Sourcefire Snort is an intrusion detection and prevention solution and is included with a variety of UNIX and Linux distributions.
US-CERThttp://www.us-cert.gov/cas/techalerts/TA07-050A.html2007-02-19T11:20-04:002007-02-19T11:20-04:002007-02-19T11:20-04:00Sourcefire Snort Remote Buffer Overflow
http://www.iss.net/threats/257.html
Internet Security Systemshttp://www.us-cert.gov/cas/techalerts/TA07-050A.htmlhttp://xforce.iss.net/xforce/xfdb/312752007-02-192007-02-192007-02-19