Brief: Sourcefire addresses Snort flaw

Home
Topics
Network Security Management
Threat and Vulnerability Management
Brief: Sourcefire addresses Snort flaw

Article

Brief: Sourcefire addresses Snort flaw

SearchSecurity.com Staff

Sourcefire Inc. announced late Tuesday that it has released an updated version of its Snort intrusion detection system (IDS) that resolves a vulnerability in the product.

In a news release, the Columbia, Md.-based intrusion defense vendor said it worked with Pittsburgh, Pa.-based security services vendor VigilantMinds Inc. to identify a flaw in the popular open source tool and demonstrate how an exploit would allow malicious hackers to circumvent Snort monitoring. The new versions, Snort 2.6.0 and 2.4.5, are available via the

Requires Free Membership to View

Login

SearchSecurity.co.UK members gain immediate and unlimited access to breaking UK industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.co.UK today!

Michael S. Mimoso, Editorial Director

By submitting your registration information to SearchSecurity.co.uk you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.co.uk is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Snort.org download site.

The security issue, first revealed last week, could allow malicious packets to damage Snort-protected computers if left unpatched. Though no exploit has been discovered in the wild, one vendor's advisory gave the flaw a 7.2 severity rating and 5.4 urgency, most likely due to Snort's widespread use.

The issue was discovered by Carpenteria, Calif.-based security vendor Demarc Security Inc., which released its own fix along with its bulletin.

Earlier this week, Chicago-based intrusion prevention system (IPS) firm AmbironTrustWave Corp. announced its own patch for the Snort flaw. Snort is used as a component of its ipANGEL product line.

Related Topics: Threat and Vulnerability Management, VIEW ALL TAGS

Dig Deeper

People who read this also read...

Related glossary terms

Terms for Whatis.com - the technology online dictionary

Show me more

More from Related TechTarget Sites

Networking UK
Virtual Data Centre
Data Management UK
Security
Cloud Security
Security IN

Networking UK
- Cisco Live London: 40 and 100 GbE, souped up WLAN
  
  At Cisco Live London, Cisco launched 40 and 100 GbE switching, a souped-up 4-antenna WLAN access point, and a host of network virtualisation technologies.
- UK Networkers should gear up for mobility implementations in 2012
  
  Companies are rethinking legacy tools to take advantage of what users get from having access to data and applications across all kinds of devices, according to TechTarget’s 2012 IT Priorities Survey.
- Cloud gets vote of confidence from UK buyers in 2012 IT priorities
  
  The cloud is set to be a key investment area for UK buyers in 2012 with 30.5% of IT buyers pledging to spend on the technology, according to TechTarget’s 2012 IT Priorities Survey.
Virtual Data Centre
- Palmer's College scores on virtualisation, data centre consolidation
  
  Palmer's College's virtualisation and data centre consolidation project did not just improve IT efficiency and scalability, but also saves on data centre cooling costs.
- How IT can convince stakeholders of the value of technology projects
  
  IT professionals must take data centre measures to convince stakeholders of the business value of technology projects. This will help IT emerge as a valuable business resource.
- Virtualisation, cloud and compliance are top priorities for IT in 2012
  
  A TechTarget study finds that IT pros’ main priorities for 2012 are virtualisation, cloud computing and compliance. Experts show how they can carry these out with limited budget.
DataManagement UK
- Gartner: Address economy, compliance with information governance, MDM
  
  IT leaders need to get information governance right if MDM is to help cut costs, stoke productivity and mitigate risk, according to Gartner on the eve of the MDM summit.
- Gartner: Business, analytics fail to connect, mobile BI gets real
  
  Gartner’s BI London summit will show a landscape beset by strategic misalignment, intra-organisational struggle and weak cloud adoption. Yet mobile BI is becoming a reality.
- 2012 training courses: BI, data management, data warehousing
  
  Find out where to hone your business intelligence, data management and data warehouse skills with this list of training courses for 2012.
Security
- Marty Roesch pushes collective analysis, underscores cyberthreat intelligence
  
  Sourcefire CTO Marty Roesch introduced cloud-based analysis for threat intelligence gathering. Network security monitoring platforms like RSA NetWitness may be headed in a similar direction.
- Longstanding security problems plague enterprises, Trustwave finds
  
  While organizations focus on mobile security and other emerging threats, an analysis of more than 2,000 penetration tests conducted by Trustwave found older threats often overlooked.
- Adobe issues support for Flash Player sandboxing in Firefox
  
  Adobe has launched the pubic beta of a new Flash Player sandbox feature for Firefox users, making attacks more difficult for cybercriminals.
Cloud Security
- SaaS security: Weighing SaaS encryption options
  
  A look at SaaS encryption techniques and challenges.
- Panel debates cloud computing governance issues
  
  Problems with data governance in the cloud aren’t much different than traditional outsourcing.
- The proposed EU data protection regulation and its impact on cloud users
  
  Cloud customers and cloud providers would face stricter data security requirements under draft European regulation.
Information Security
- IDFC’s information security awareness week tastes success with ‘Mr Gobo’
  
  Financial major IDFC set out to craft its information security awareness initiative with a portal that led users via a ‘Mafia don’s den’. Step in for more.
- Backtrack 5 PDF tutorial compendium: A pen-tester’s ready reckoner
  
  Our BackTrack 5 PDF tutorials collection will help you hone your edge, whether you are a security professional or an enthusiast. Best yet, they are free!
- Adobe issues support for Flash Player sandboxing in Firefox
  
  Adobe has launched the pubic beta of a new Flash Player sandbox feature for Firefox users, making attacks more difficult for cybercriminals.

All Rights Reserved, Copyright 2008 - 2012, TechTarget