Last Updated: 2009-02-23 03:03:09 UTC
by Joel Esler (Version: 7)
Please see Shadowserver's write up: here for more information
UPDATE: Another great VRT Blog post. These guys keep pumping them out! Check it out here.
UPDATE Shadowserver has released important mitigation information. You can see that post at the url below.
UPDATE: Sourcefire VRT has published a "homebrew" patch for the vuln. PLEASE TEST THIS BEFORE DEPLOYING IN ANY ENVIRONMENT!!! SANS ISC has NOT verified the effectiveness of this "homebrew patch", and as such we cannot make any claims or comments on its effectiveness or any unintended consequences of using this modified software. As some of you may remember ZERT in the past has done similar, and there are obviously caveats involved with this approach. (both technical and possibly legal) So please do educate your self, and if need be discuss with your legal team before deploying third party modified software into your environment.
Information on patch:
Information on ZERT:
Disclosure: Joel works for Sourcefire, but does not work for the VRT.
-- Joel Esler http://www.joelesler.net
-- Andre L