Sourcefire VRT rules update addresses remote stack buffer overflow in rule 3:20275

Published: 2013-01-18. Last Updated: 2013-01-18 18:37:26 UTC
by Russ McRee (Version: 1)
0 comment(s)

Sourcefire VRT released a rules update on 17 JAN that included what they refer to as "a potential security issue with rule 3:20275 reported by Tavis Ormandy."

Tavis' Tweet states that "today's snort rules fix a remote stack buffer overflow I found in rule 20275. Fixed by @sourcefire in just 48hrs. http://bit.ly/STm7Ij"

Fast turnaround by the Sourcefire gang. Here's the diff for the fix:

Compare: (<)D:\so_rules\src\netbios_kb961501-smb-printss-reponse.c (10885 bytes) with: (>)D:\so_rules\src\netbios_kb961501-smb-printss-reponse.c (10923 bytes)

Change 1:
<        2, /* revision */
---
>        3, /* revision */

Change 2:
> #define NUM_ARRAYS 20

Change 3:
<     u_int8_t check_array[10];
---
>     u_int8_t check_array[NUM_ARRAYS];

Change 4:
<     if(arrays > 20) {
---
>     if(arrays > NUM_ARRAYS) {

Russ McRee | @holisticinfosec

0 comment(s)

Interesting reads for Friday 18 JAN 2013

Published: 2013-01-18. Last Updated: 2013-01-18 17:14:09 UTC
by Russ McRee (Version: 1)
0 comment(s)

1) From reader Kevin Murphy, a nice mapping of NIST 800-53 controls to the 20 Critical Controls: http://isc.sans.edu/diaryimages/files/NIST-Critical_Controls_Mapping.xlsx

2) The Citizen Lab: Planet Blue Coat: Mapping Global Censorship and Surveillance Tools

  • Researchers use Shodan to identify Blue Coat system the could be user for digital censorship, surveillance, and tracking according to NYT

3) Dark Reading: Security Researchers Expose X-ray Machine Bug

  • ICS-CERT now handling medical device vulnerability alerts in addition to SCADA/ICS vulnerabilities

4) Spiceworks: Passwords: The security tool that loves to be insecure

5) The Next Web: Microsoft debuts Android, iOS, and Windows Phone app to give, ask for help after natural disasters

Russ McRee | @holisticinfosec

0 comment(s)

Comments


Diary Archives