Snort mailing list archives

[greg.morris () sourcefire com: Snort Mitigation and Patch Notification]


From: "Karl A. Krueger" <kkrueger () whoi edu>
Date: Mon, 3 Mar 2003 12:19:29 -0500

A sales representative at Sourcefire, whom I asked some months ago to
cease contacting me, today sent me unsolicited commercial email (spam).
The odd thing about this spam is that it alleged an (as yet) undisclosed
vulnerability in Snort's RPC decoding routines.  Is it conventional for
vendor sales representatives to use undisclosed vulnerability notices as
a "teaser" in unsolicited commercial email?  This strikes me as rather
problematic.  Thoughts?

(Why pass this along ahead of the listed 1PM EST timeline?  I don't like
being spammed.)


----- Forwarded message from Greg Morris <greg.morris () sourcefire com> -----
From: "Greg Morris" <greg.morris () sourcefire com>
To: kkrueger () whoi edu
Subject: Snort Mitigation and Patch Notification
Organization: Sourcefire

   Karl,

   Wanted to give you a heads up about an incident we discovered.  It
   involves Snort.  While we are only notifying our Sourcefire customers
   initially, I thought it important to notify you, since I know you run
   Snort.  Call me to discuss (XXX) XXX-XXXX.  The mitigation for SNORT only
   (non-Sourcefire user) is at the bottom of this email.

   Greg

   Subject: Sourcefire IMS Mitigation and Patch Notification

   Sourcefire would like to give our customers and partners notification that
   the Sourcefire Vulnerability Research Team has learned of a vulnerability
   in the Sourcefire Network Sensor product line. A full advisory and
   instructions for downloading a patch will be sent out at 1:00PM EST this
   afternoon.

[REDACTED]

   Mitigation:

   Disabling the RPC preprocessor will make the Sourcefire Network Sensor
   invulnerable to the attack.

[REDACTED]

   The mitigation instructions for Snort sensors are as follows:

   comment out the line in your snort.conf that begins:

       preprocessor rpc_decode

   and replace it with

       # preprocessor rpc_decode

   Greg Morris
   Sourcefire Network Security
   Director, Northeast Region Sales
   Mobile - (516) 769-2298
   www.sourcefire.com

----- End forwarded message -----

-- 
Karl A. Krueger <kkrueger () whoi edu>
Network Security -- Linux/Unix Systems Support -- Etc.
Woods Hole Oceanographic Institution
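
Added example, not part of the original message and not Snort or Sourcefire code: one way to apply the forwarded mitigation to a snort.conf and confirm that no active "preprocessor rpc_decode" line remains. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message); function names are hypothetical.
# Matches an active "preprocessor rpc_decode" line, with or without arguments.
PAT='^[[:space:]]*preprocessor[[:space:]]+rpc_decode([^[:alnum:]_]|$)'

# List active rpc_decode lines (with line numbers); exit status 1 if none.
rpc_decode_active() {
    grep -nE "$PAT" "$1"
}

# Comment out every active rpc_decode line, keeping a .bak copy.
# Safe to re-run: an already-mitigated file is left untouched.
disable_rpc_decode() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    if ! rpc_decode_active "$conf" >/dev/null; then
        echo "$conf: no active rpc_decode line"
        return 0
    fi
    cp -p "$conf" "$conf.bak" || return 1
    sed -E "/$PAT/ s/^([[:space:]]*)/\\1# /" "$conf.bak" > "$conf" || return 1
    # Verify the result rather than trusting the edit.
    if rpc_decode_active "$conf" >/dev/null; then
        echo "$conf: rpc_decode still active" >&2
        return 1
    fi
    echo "$conf: rpc_decode commented out, original saved as $conf.bak"
}

# Dry run on a constructed sample configuration in a temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/snort.conf" <<'EOF'
var HOME_NET any
preprocessor frag2
  preprocessor rpc_decode: 111 32771
# preprocessor rpc_decode: 111
preprocessor telnet_decode
EOF
    disable_rpc_decode "$tmp/snort.conf" && cat "$tmp/snort.conf"
    rm -rf "$tmp"
}
demo
```

Snort reads its configuration at startup, so the sensor has to be restarted after the edit for the preprocessor to be unloaded.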


