FreeBSD : snort -- DCE/RPC preprocessor vulnerability (afdf500f-c1f6-11db-95c5-000c6ec775d9)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

An IBM Internet Security Systems Protection Advisory reports :

Snort is vulnerable to a stack-based buffer overflow as a result of
DCE/RPC reassembly. This vulnerability is in a dynamic-preprocessor
enabled in the default configuration, and the configuration for this
preprocessor allows for auto-recognition of SMB traffic to perform
reassembly on. No checks are performed to see if the traffic is part
of a valid TCP session, and multiple Write AndX requests can be
chained in the same TCP segment. As a result, an attacker can exploit
this overflow with a single TCP PDU sent across a network monitored by
Snort or Sourcefire.

Snort users who cannot upgrade immediately are advised to disable the
DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives
from snort.conf and restarting Snort. However, be advised that
disabling the DCE/RPC preprocessor reduces detection capabilities for
attacks in DCE/RPC traffic. After upgrading, customers should
re-enable the DCE/RPC preprocessor.

See also :

http://xforce.iss.net/xforce/xfdb/31275
http://www.nessus.org/u?24d71b61
http://www.nessus.org/u?1acce947

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 24686 (freebsd_pkg_afdf500fc1f611db95c5000c6ec775d9.nasl)

Bugtraq ID:

CVE ID: CVE-2006-5276
