Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Exploit for Snort BO available! SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Exploit for Snort BO available!
So, looks like finally there is an exploit public available for the Snort BO preprocessor vulnerability.
Our good reader Juha-Matti sent a note about an exploit published by FrSIRT, formely known as K-Otik.
On the good side, our Handler Kyle Haugsness created a tool and some snort signatures that can detect them!
I just tested it against the exploit and it really works! ;-) You can find it here .

If you didnt patch yet or applied the workarounds, do you need more reasons?
------------------------------------------------------------------
Pedro

155 Posts
ISC Handler
Oct 25th 2005

Sign Up for Free or Log In to start participating in the conversation!