Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Exploit for Snort BO available! SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Exploit for Snort BO available!
So, looks like finally there is an exploit public available for the Snort BO preprocessor vulnerability.
Our good reader Juha-Matti sent a note about an exploit published by FrSIRT, formely known as K-Otik.
On the good side, our Handler Kyle Haugsness created a tool and some snort signatures that can detect them!
I just tested it against the exploit and it really works! ;-) You can find it here .

If you didnt patch yet or applied the workarounds, do you need more reasons?
------------------------------------------------------------------
Pedro

155 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!