ISS released an advisory regarding a vulnerability in Snort's Back-Orfice pre-processor. The vulnerability could be used to execute arbitrary code on the snort sensor. Also, see the advisory at snort.org for more details.
As an immediate step, disable the BO preprocessor, by commenting out this line:
# preprocessor bo
this should eliminate the issue, and these days, Back Orfice is not all that much of a threat compared to other trojan/bots. You should also consider upgrading to Snort 2.4.3, which will fix the issue.
I will be teaching next: Intrusion Detection In-Depth - SANS Boston Summer 2019
Oct 18th 2005
1 decade ago