This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
APP:SNORT:DCE-RPC-DOS
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
APP
|
Keywords |
Snort DCE RPC Processor Denial of Service
|
Release Date |
2007/02/28
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
APP: Snort DCE RPC Processor Denial of Service
This signature detects attempts to exploit a known vulnerability in the Sourcefire Snort Intrusion Detection System. A successful attack can lead to a buffer overflow and denial of service.
Extended Description
Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets.
An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash.
Affected Products
- Debian linux 4.0
- Debian linux 4.0 Alpha
- Debian linux 4.0 Amd64
- Debian linux 4.0 Arm
- Debian linux 4.0 Hppa
- Debian linux 4.0 Ia-32
- Debian linux 4.0 Ia-64
- Debian linux 4.0 M68k
- Debian linux 4.0 Mips
- Debian linux 4.0 Mipsel
- Debian linux 4.0 Powerpc
- Debian linux 4.0 S/390
- Debian linux 4.0 Sparc
- Gentoo net-analyzer/snort 2.6.1
- Nortel_networks threat_protection_system_defense_center 4.1.0
- Nortel_networks threat_protection_system_defense_center 4.5
- Nortel_networks threat_protection_system_defense_center 4.6
- Nortel_networks threat_protection_system_intrusion_sensor 4.1.0
- Nortel_networks threat_protection_system_intrusion_sensor 4.5
- Nortel_networks threat_protection_system_intrusion_sensor 4.6
- Red_hat enterprise_linux_as 4
- Red_hat fedora Core7
- Snort_project snort 2.6.1
- Snort_project snort 2.6.1.1
- Snort_project snort 2.6.1.2
- Snort_project snort 2.7.0 beta 1
- Suse opensuse 10.1
References