Sourcefire VRT rules update addresses remote stack buffer overflow in rule 3:20275
Sourcefire VRT released a rules update on 17 JAN that included what they refer to as "a potential security issue with rule 3:20275 reported by Tavis Ormandy."
Tavis' Tweet states that "today's snort rules fix a remote stack buffer overflow I found in rule 20275. Fixed by @sourcefire in just 48hrs. http://bit.ly/STm7Ij"
Fast turnaround by the Sourcefire gang. Here's the diff for the fix:
Compare: (<)D:\so_rules\src\netbios_kb961501-smb-printss-reponse.c (10885 bytes) with: (>)D:\so_rules\src\netbios_kb961501-smb-printss-reponse.c (10923 bytes)
Change 1:
< 2, /* revision */
---
> 3, /* revision */
Change 2:
> #define NUM_ARRAYS 20
Change 3:
< u_int8_t check_array[10];
---
> u_int8_t check_array[NUM_ARRAYS];
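Review bot: The new declaration u_int8_t check_array[NUM_ARRAYS]; matches the limit tested in Change 4, but only by convention. The old lines show the failure mode: the array held 10 entries while the check allowed values up to 20, so any count from 11 to 20 passed the test against a 10-byte stack array. Consider testing against the array itself, for example sizeof(check_array) / sizeof(check_array[0]), or adding a compile-time assertion, so the declaration and the bound cannot drift apart again.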
Change 4:
< if(arrays > 20) {
---
> if(arrays > NUM_ARRAYS) {
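Review bot: The test if(arrays > NUM_ARRAYS) still accepts arrays == NUM_ARRAYS, which is safe only if the code that follows indexes check_array with values strictly below arrays. That code is not visible in this diff, so it is worth confirming that no access uses arrays itself as an index. The declaration of arrays is not shown either: if it is a signed type filled from packet data, a negative value would also pass this comparison, so an unsigned type or an explicit lower-bound test would be a reasonable addition.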
Interesting reads for Friday 18 JAN 2013
1) From reader Kevin Murphy, a nice mapping of NIST 800-53 controls to the 20 Critical Controls: http://isc.sans.edu/diaryimages/files/NIST-Critical_Controls_Mapping.xlsx
2) The Citizen Lab: Planet Blue Coat: Mapping Global Censorship and Surveillance Tools
- Researchers use Shodan to identify Blue Coat systems that could be used for digital censorship, surveillance, and tracking, according to NYT
3) Dark Reading: Security Researchers Expose X-ray Machine Bug
- ICS-CERT now handling medical device vulnerability alerts in addition to SCADA/ICS vulnerabilities
4) Spiceworks: Passwords: The security tool that loves to be insecure
5) The Next Web: Microsoft debuts Android, iOS, and Windows Phone app to give, ask for help after natural disasters