The Snort attack signature detection engine used in the Viper Intrusion Detection system has been found to contain a serious vulnerability that can lead to compromise of the device running it. The security problem affects the initial test release of Viper, and as such, the downloads for the current test release have been disabled until a fix is put in place. More information is available on the Snort homepage at www.snort.org.
As to the level of threat that this poses to anyone testing Viper, it is serious but nothing to panic over. Viper does not bind an IP address to its external interface and is therefore very hard to detect. Viper does not provide a means of connecting directly to the IDS sensor from the sniffer interface.
It is still recommended that anyone testing Viper on a production network disconnect the sensor from any network segments that may be reachable from the Internet.
Snort IDS and Viper security issue
- Written by: Coyote Linux
- Category: Historical Site News