Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Snort URL evasion vulnerability patched and version 2.6.0 available - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Snort URL evasion vulnerability patched and version 2.6.0 available
The Snort NIDS (http://www.snort.org) vulnerability that was discussed last week (http://isc.sans.org/diary.php?storyid=1373) has been addressed by the Snort team. The latest version, 2.4.5, fixes two vulnerabilites what might have allowed an attacker to send malicious web requests undetected by Snort. Get it at snort.org.

Late breaking news flash! Snort 2.6.0 is out. According to Jennifer Steffens of Sourcefire, the new release includes:
  • Tcp stream properly reassembled after failed sequence check, which may lead to possible detection evasion.
  • Added configurable stream flushpoints.
  • Improved rpc processing.
  • Improved portscan detection.
  • Improved http request processing and handling of possible evasion cases.
  • Improved performance monitoring.
There is also dynamic rules processing and a new version numbering scheme. http://www.snort.org/pub-bin/snortnews.cgi
George

25 Posts

Sign Up for Free or Log In to start participating in the conversation!