Exploit published for popular network tool

Attack uses flaw in the Snort open-source software, meant to protect networks against intruders.

Dawn Kawamoto Former Staff writer, CNET News

Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

Dawn Kawamoto

Oct. 26, 2005 12:20 p.m. PT

An exploit has been published that could take advantage of a flaw in Snort, a popular open-source intrusion protection system, according to a security group.

The exploit code, published to the Web by FrSirt on Tuesday, demonstrates how vulnerabilities in a Snort sensor designed to detect an exploit tool called Back Orifice can be subject to a buffer overflow attack. Back Orifice is used by remote intruders to take control of compromised systems.

Last week, security experts warned of flaws in systems running Snort 2.4.0 and higher. The vulnerabilities could allow an attacker to send a malicious packet through a network that is using Snort to guard against Back Orifice.

Available for free, Snort software is estimated to have more than 100,000 active users, according to figures from Sourcefire, the software's developer. Sourcefire has issued a patch, Snort version 2.4.3, to address the problem. Sourcefire also advised people to disable the Back Orifice preprocessor in Snort if they are running it on vulnerable versions of the software.

Meanwhile, a tool to guard against the exploit has also been developed by an incident handler at the Internet Storm Center, which tracks network threats.