Snort URL evasion vulnerability patched and version 2.6.0 available

Published: 2006-06-05
Last Updated: 2006-06-06 02:02:33 UTC
by George Bakos (Version: 1)
0 comment(s)
The Snort NIDS (http://www.snort.org) vulnerability that was discussed last week (http://isc.sans.org/diary.php?storyid=1373) has been addressed by the Snort team. The latest version, 2.4.5, fixes two vulnerabilites what might have allowed an attacker to send malicious web requests undetected by Snort. Get it at snort.org.

Late breaking news flash! Snort 2.6.0 is out. According to Jennifer Steffens of Sourcefire, the new release includes:
  • Tcp stream properly reassembled after failed sequence check, which may lead to possible detection evasion.
  • Added configurable stream flushpoints.
  • Improved rpc processing.
  • Improved portscan detection.
  • Improved http request processing and handling of possible evasion cases.
  • Improved performance monitoring.
There is also dynamic rules processing and a new version numbering scheme. http://www.snort.org/pub-bin/snortnews.cgi
Keywords:
0 comment(s)

Comments


Diary Archives