Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Snort BO pre-processor Vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Snort BO pre-processor Vulnerability
ISS released an advisory regarding a vulnerability in Snort's Back-Orfice pre-processor. The vulnerability could be used to execute arbitrary code on the snort sensor. Also, see the advisory at snort.org for more details.

As an immediate step, disable the BO preprocessor, by commenting out this line:
# preprocessor bo

this should eliminate the issue, and these days, Back Orfice is not all that much of a threat compared to other trojan/bots. You should also consider upgrading to Snort 2.4.3, which will fix the issue.



Johannes

2898 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!