Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Exploit for Snort BO available! SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Exploit for Snort BO available!
So, looks like finally there is an exploit public available for the Snort BO preprocessor vulnerability.
Our good reader Juha-Matti sent a note about an exploit published by FrSIRT, formely known as K-Otik.
On the good side, our Handler Kyle Haugsness created a tool and some snort signatures that can detect them!
I just tested it against the exploit and it really works! ;-) You can find it here .

If you didnt patch yet or applied the workarounds, do you need more reasons?

155 Posts
ISC Handler
Oct 25th 2005

Sign Up for Free or Log In to start participating in the conversation!