This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
A IBM Internet Security Systems Protection Advisory reports :
Snort is vulnerable to a stack-based buffer overflow as a result of
DCE/RPC reassembly. This vulnerability is in a dynamic-preprocessor
enabled in the default configuration, and the configuration for this
preprocessor allows for auto-recognition of SMB traffic to perform
reassembly on. No checks are performed to see if the traffic is part
of a valid TCP session, and multiple Write AndX requests can be
chained in the same TCP segment. As a result, an attacker can exploit
this overflow with a single TCP PDU sent across a network monitored by
Snort or Sourcefire.
Snort users who cannot upgrade immediately are advised to disable the
DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives
from snort.conf and restarting Snort. However, be advised that
disabling the DCE/RPC preprocessor reduces detection capabilities for
attacks in DCE/RPC traffic. After upgrading, customers should
re-enable the DCE/RPC preprocessor.
See also :
Update the affected package.
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true