
SANS ISC: Snort BO pre-processor Vulnerability SANS ISC InfoSec Forums

Snort BO pre-processor Vulnerability
ISS released an advisory regarding a vulnerability in Snort's Back Orifice pre-processor. The vulnerability could be used to execute arbitrary code on the Snort sensor. Also, see the advisory at snort.org for more details.

As an immediate step, disable the BO preprocessor by commenting out this line:
# preprocessor bo

This should eliminate the issue, and these days Back Orifice is not all that much of a threat compared to other trojans/bots. You should also consider upgrading to Snort 2.4.3, which will fix the issue.


Johannes

ISC Handler
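
The immediate mitigation described in the diary (commenting out the `preprocessor bo` line), as an added shell example that is not part of the original post or of Snort's own tooling: it lists active `preprocessor bo` lines in a Snort configuration file, comments them out, and confirms none remain. The config path is supplied by the caller, and the sample config, including `example_option` and `bogus_example`, is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit and disable the Back Orifice (bo) preprocessor in a
# Snort configuration file. The file path is an argument; no location is assumed.

# List active (uncommented) "preprocessor bo" lines with their line numbers.
# Matches "preprocessor bo" alone or followed by ": options", but not other
# preprocessors whose name merely starts with "bo".
active_bo_lines() {
    grep -nE '^[[:space:]]*preprocessor[[:space:]]+bo([[:space:]]*:.*|[[:space:]]*)$' "$1"
}

# Comment out every active "preprocessor bo" line, keeping a .bak copy.
# Returns 0 only if no active line remains afterwards.
disable_bo() {
    conf=$1
    cp -p "$conf" "$conf.bak" || return 1
    sed -E 's/^([[:space:]]*)(preprocessor[[:space:]]+bo([[:space:]]*:.*|[[:space:]]*))$/\1# \2/' \
        "$conf.bak" > "$conf" || return 1
    if active_bo_lines "$conf" >/dev/null; then
        return 1
    fi
    return 0
}

# Constructed sample config (not taken from a real sensor).
make_sample_conf() {
    cat > "$1" <<'EOF'
preprocessor stream4_reassemble
  preprocessor bo
# preprocessor bo
preprocessor bo: example_option
preprocessor bogus_example
EOF
}

# Demonstration on the constructed sample: show the file after the change.
tmp=$(mktemp) && make_sample_conf "$tmp" && disable_bo "$tmp" && cat "$tmp"
rm -f "$tmp" "$tmp.bak"
```

Run `disable_bo` against the sensor's configuration file and restart Snort so the change takes effect.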