FreeBSD : snort -- Back Orifice preprocessor buffer overflow vulnerability (97d45e95-3ffc-11da-a263-0001020eed82)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Jennifer Steffens reports :

The Back Orifice preprocessor contains a stack-based buffer overflow.
This vulnerability could be leveraged by an attacker to execute code
remotely on a Snort sensor where the Back Orifice preprocessor is
enabled. However, there are a number of factors that make remote code
execution difficult to achieve across different builds of Snort on
different platforms, even on the same platform with different compiler
versions, and it is more likely that an attacker could use the
vulnerability as a denial of service attack.

The Back Orifice preprocessor can be disabled by commenting out the
line 'preprocessor bo' in snort.conf. This can be done in any text
editor using the following procedure :

- Locate the line 'preprocessor bo'

- Comment out this line by preceding it with a hash (#). The new line
will look like '#preprocessor bo'

- Save the file

- Restart snort

See also :

http://www.nessus.org/u?4bccebc1
http://xforce.iss.net/xforce/alerts/id/207
http://www.nessus.org/u?ac009386

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21481 (freebsd_pkg_97d45e953ffc11daa2630001020eed82.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now