Snort mailing list archives
[greg.morris () sourcefire com: Snort Mitigation and Patch Notification]
From: "Karl A. Krueger" <kkrueger () whoi edu>
Date: Mon, 3 Mar 2003 12:19:29 -0500
A sales representative at Sourcefire, whom I asked some months ago to cease contacting me, today sent me unsolicited commercial email (spam). The odd thing about this spam is that it alleged an (as yet) undisclosed vulnerability in Snort's RPC decoding routines.

Is it conventional for vendor sales representatives to use undisclosed vulnerability notices as a "teaser" in unsolicited commercial email? This strikes me as rather problematic. Thoughts?

(Why pass this along ahead of the listed 1PM EST timeline? I don't like being spammed.)

----- Forwarded message from Greg Morris <greg.morris () sourcefire com> -----

From: "Greg Morris" <greg.morris () sourcefire com>
To: kkrueger () whoi edu
Subject: Snort Mitigation and Patch Notification
Organization: Sourcefire

Karl,

Wanted to give you a heads up about an incident we discovered. It involves Snort. While we are only notifying our Sourcefire customers initially, I thought it important to notify you, since I know you run Snort. Call me to discuss (XXX) XXX-XXXX. The mitigation for SNORT only (non-Sourcefire user) is at the bottom of this email.

Greg

Subject: Sourcefire IMS Mitigation and Patch Notification

Sourcefire would like to give our customers and partners notification that the Sourcefire Vulnerability Research Team has learned of a vulnerability in the Sourcefire Network Sensor product line. A full advisory and instructions for downloading a patch will be sent out at 1:00PM EST this afternoon.

[REDACTED]

Mitigation: Disabling the RPC preprocessor will make the Sourcefire Network Sensor invulnerable to the attack.

[REDACTED]

The mitigation instructions for Snort sensors are as follows: comment out the line in your snort.conf that begins:

    preprocessor rpc_decode

and replace it with

    # preprocessor rpc_decode

Greg Morris
Sourcefire Network Security
Director, Northeast Region Sales
Mobile - (516) 769-2298
www.sourcefire.com

----- End forwarded message -----

--
Karl A. Krueger <kkrueger () whoi edu>
Network Security -- Linux/Unix Systems Support -- Etc.
Woods Hole Oceanographic Institution