Sourcefire VRT rules update addresses remote stack buffer overflow in rule 3:20275
Sourcefire VRT released a rules update on 17 JAN that included what they refer to as "a potential security issue with rule 3:20275 reported by Tavis Ormandy."
Tavis' Tweet states that "today's snort rules fix a remote stack buffer overflow I found in rule 20275. Fixed by @sourcefire in just 48hrs. http://bit.ly/STm7Ij"
Fast turnaround by the Sourcefire gang. Here's the diff for the fix:
Compare: (<)D:\so_rules\src\netbios_kb961501-smb-printss-reponse.c (10885 bytes) with: (>)D:\so_rules\src\netbios_kb961501-smb-printss-reponse.c (10923 bytes)
Change 1:
< 2, /* revision */
---
> 3, /* revision */
Change 2:
> #define NUM_ARRAYS 20
Change 3:
< u_int8_t check_array[10];
---
> u_int8_t check_array[NUM_ARRAYS];
Change 4:
< if(arrays > 20) {
---
> if(arrays > NUM_ARRAYS) {
Comments