Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Back to Green on the Snort BO Buffer Overflow SANS ISC InfoSec Forums

Back to Green on the Snort BO Buffer Overflow
We've decided to go back to green on the Snort Back Orifice preprocessor buffer overflow vulnerability. The reason for ratcheting down to green is primarily this: if you haven't shut off the Back Orifice preprocessor by now or come up with another workaround, you probably aren't going to in the near future. This is still a hugely important issue, but our infocon status is designed to reflect changes in the threat level. So, we're back at green, but we reserve the right to go to yellow or higher if a worm starts to spread using this vulnerability. From our internal deliberations, such a worm would be highly problematic.

BTW, as Kyle Haugsness pointed out last night in this article, HD Moore has recently released some piece-parts of a sploit for this flaw in Metasploit. We're very close to full exploitation, so shut off that darn preprocessor ASAP. Also, check with your vendors if you suspect your commercial product may have Snort code in it. Several IDS and IPS tools do, so watch out!

Oct 20th 2005
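One way to verify the workaround on a sensor, as an added example (not part of the original diary and not Snort's own tooling): the script reports every uncommented `preprocessor bo` line in a Snort configuration and follows `include` directives, so a copy re-enabled in an included file is not missed. The file names and sample contents are constructed for the demo.

```python
import os
import re
import tempfile

# An active Back Orifice preprocessor directive, with or without options.
BO_RE = re.compile(r"^\s*preprocessor\s+bo\b", re.IGNORECASE)
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")

def find_active_bo(conf_path, _seen=None):
    """Return [(file, line_no, text)] for each enabled `preprocessor bo` line.

    Follows `include` directives (relative paths resolve against the including
    file). Includes that use variables such as $RULE_PATH are not expanded and
    are skipped, so review those files separately.
    """
    seen = _seen if _seen is not None else set()
    real = os.path.realpath(conf_path)
    if real in seen or not os.path.isfile(real):
        return []                      # avoid include loops and missing files
    seen.add(real)
    hits = []
    with open(real, encoding="utf-8", errors="replace") as fh:
        for line_no, raw in enumerate(fh, 1):
            line = raw.split("#", 1)[0].rstrip()   # drop comments
            if BO_RE.match(line):
                hits.append((real, line_no, line.strip()))
            inc = INCLUDE_RE.match(line)
            if inc:
                target = inc.group(1)
                if not os.path.isabs(target):
                    target = os.path.join(os.path.dirname(real), target)
                hits.extend(find_active_bo(target, seen))
    return hits

def demo():
    """Constructed sample: bo is commented out in the main file but an
    included file (hypothetical name sensors.conf) still enables it."""
    with tempfile.TemporaryDirectory() as d:
        main = os.path.join(d, "snort.conf")
        with open(main, "w") as f:
            f.write("var HOME_NET any\n# preprocessor bo\ninclude sensors.conf\n")
        with open(os.path.join(d, "sensors.conf"), "w") as f:
            f.write("preprocessor stream4_reassemble\npreprocessor bo\n")
        return [(os.path.basename(p), n, t) for p, n, t in find_active_bo(main)]

if __name__ == "__main__":
    for name, line_no, text in demo():
        print(f"{name}:{line_no}: still enabled -> {text}")
```

An empty result means no active directive was found in the files the script could reach; Snort must still be restarted for a configuration change to take effect.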
