After some deliberation, we feel that the Snort Back Orifice pre-processor vulnerability could become a big problem very fast. As a result, we turned the Infocon status to 'yellow'.
You have a problem if you run Snort Version 2.4 (other then 2.4.3), and if you have the 'bo' preprocessor enabled. Why do we think this is a big deal:
Snort before version 2.4 is not vulnerable. Neither is any Snort install that does not have the bo preprocessor enabled. Please let us know if you see exploits posted, or have other details to share. We expect to stay on 'yellow' for about 12-24 hrs unless there are any new developments. I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANSFIRE 2022 |
Johannes 4504 Posts ISC Handler Oct 19th 2005 |
Thread locked Subscribe |
Oct 19th 2005 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!