Intrusion Software Maker Snorts At Security Alert
Source: NewsBytes
The developer of Snort, a popular open-source intrusion detection system (IDS), downplayed reports of a security flaw that could enable attackers to disable the software.
According to an alert released Monday by Internet Security Systems (ISS), Snort versions 1.8.3 and earlier are susceptible to a denial of service attack.
"If launched successfully against a Snort-protected network, all IDS functionality may be disabled until Snort is manually restarted," said ISS in its alert.
ISS, which markets a commercial IDS product named RealSecure, stated that Snort's default configuration does not have the ability to restart when it crashes and requires a separate script or process monitor for such functionality.
The flaw in Snort was originally reported by a user named Sinbad Jan. 10 on the Bugtraq security mailing list, along with instructions on how to cause the software to crash and exit.
Martin Roesch, Snort's developer, was not immediately available for comment.