[Snort-devel] Snort 2.20 Denial of Service exploit posted

Mark markmormartin at ...436...
Sat Dec 25 17:18:14 EST 2004


Does any one have have more info on this DOS, the only reference I could
find for it was on the SANS site ?

Snort 2.20 Denial of Service exploit posted

K-OTik notified us of this exploit for Snort 2.2 and
earlier:http://www.k-otik.com/exploits/20041222.angelDust.c.php

It will core dump a running Snort process with a specially crafted
packed. The recommended fix is to upgrade to Snort 2.3 RC1 or better
which various handlers have reported is stable. This particular exploit
works with Linux-based distributions, but not BSD-based. (We tried
RHEL3, Debian, and OpenBSD

http://isc.sans.org/diary.php?date=2004-12-22




More information about the Snort-devel mailing list