CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.71 High
Percentile: 98.0%
An IBM Internet Security Systems Protection Advisory reports:
Snort is vulnerable to a stack-based buffer overflow as a
result of DCE/RPC reassembly. This vulnerability is in a
dynamic-preprocessor enabled in the default configuration,
and the configuration for this preprocessor allows for
auto-recognition of SMB traffic to perform reassembly
on. No checks are performed to see if the traffic is part
of a valid TCP session, and multiple Write AndX requests
can be chained in the same TCP segment. As a result, an
attacker can exploit this overflow with a single TCP PDU
sent across a network monitored by Snort or Sourcefire.

Snort users who cannot upgrade immediately are advised to
disable the DCE/RPC preprocessor by removing the DCE/RPC
preprocessor directives from snort.conf and restarting
Snort. However, be advised that disabling the DCE/RPC
preprocessor reduces detection capabilities for attacks in
DCE/RPC traffic. After upgrading, customers should
re-enable the DCE/RPC preprocessor.
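
The workaround quoted above, as an added example (not part of the advisory or of Snort): a script that counts active DCE/RPC preprocessor directives in a snort.conf and writes a copy with them commented out, including backslash-continued lines. It assumes the directive is written "preprocessor dcerpc" as in Snort 2.6.x configurations; the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: find and comment out active DCE/RPC preprocessor directives.
# Assumption: the directive is written "preprocessor dcerpc" (Snort 2.6.x style).

# Matches an uncommented directive at the start of a line; "#" lines never match.
DCERPC_RE='^[ \t]*preprocessor[ \t]+dcerpc([ \t:]|$)'

# Print how many active dcerpc directives the config file contains.
count_active_dcerpc() {
    awk -v re="$DCERPC_RE" '$0 ~ re { n++ } END { print n + 0 }' "$1"
}

# Print the config with every active dcerpc directive commented out,
# together with the lines that continue it after a trailing backslash.
disable_dcerpc() {
    awk -v re="$DCERPC_RE" '
        {
            if (!cont) hit = ($0 ~ re)        # a new directive may start here
            prefix = hit ? "# " : ""
            print prefix $0
            cont = (hit && $0 ~ /\\[ \t]*$/)  # directive continues on next line
        }' "$1"
}

# Constructed sample configuration (not taken from a real deployment).
sample_conf() {
    cat <<'EOF'
preprocessor stream4_reassemble
# preprocessor dcerpc: disabled example
preprocessor dcerpc: \
    autodetect \
    max_frag_size 3000 \
    memcap 100000
preprocessor bo
EOF
}

# Demo run on the sample: count before and after the rewrite.
conf=$(mktemp) && sample_conf > "$conf"
echo "active before: $(count_active_dcerpc "$conf")"
disable_dcerpc "$conf" > "$conf.new"
echo "active after:  $(count_active_dcerpc "$conf.new")"
rm -f "$conf" "$conf.new"
```

Review the rewritten file before installing it as snort.conf, then restart Snort; after upgrading, restore the original directives to re-enable the preprocessor.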