Open source intrusion detector flawed

Snort, the open-source intrusion-detection software, is vulnerable to hackers, its developers said this week.

Snort's popularity has grown as many businesses have been tempted away from expensive proprietary intrusion-detection systems. Advocates of Snort argue that it is more secure than products created by network gear makers such as Cisco Systems because its code is open for developers to both find and fix flaws.

But on Monday, Sourcefire, the company behind Snort, said that hackers could potentially execute malicious code on a system running Snort and gain access to confidential data.

The vulnerability was reported to Sourcefire by Internet Security Systems, the security arm of IBM.

Reporting the weakness, an Internet Security Systems report said: "Snort IDS and Sourcefire Intrusion Sensor (intrusion-detection/prevention system) are vulnerable to a stack-based buffer overflow, which can result in remote code execution ... Compromise of machines using affected versions of Snort or Sourcefire may lead to exposure of confidential information, loss of productivity and further compromise. Successful exploitation of this vulnerability results in remote code execution with the privilege level of Snort, usually root or system."

Internet Security Systems said the following products are affected: Snort 2.6.1, 2.6.1.1, and 2.6.1.2; Snort 2.7.0 beta 1; Sourcefire Intrusion Sensors versions 4.1.x, 4.5.x, and 4.6.x with SEUs prior to SEU 64; Sourcefire Intrusion Sensor Software for Crossbeam versions 4.1.x, 4.5.x and 4.6.x with SEUs prior to SEU 64.

Those using version 2.6.1, 2.6.1.1 or 2.6.1.2 should upgrade to 2.6.1.3, which is not vulnerable, Snort said. Users of version 2.7 should disable the DCE/RPC preprocessor, the program that contains the vulnerability. Version 2.7 is currently in beta, and the issue will be resolved in a second beta version, Snort said.
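As an added example (not code from Sourcefire, ISS or this article), the Python below applies the guidance above to one sensor: it takes a Snort version string and the text of snort.conf, and returns the action the article recommends. It assumes the DCE/RPC preprocessor is enabled by a snort.conf line starting with `preprocessor dcerpc` and that the version is supplied as plain text; the sample configurations are constructed.

```python
import re
from typing import NamedTuple

# Affected open-source Snort releases, as listed in the article.
UPGRADE_VERSIONS = {"2.6.1", "2.6.1.1", "2.6.1.2"}
BETA_VERSION = "2.7.0 beta 1"

# Assumption: snort.conf enables the preprocessor with a line that starts
# "preprocessor dcerpc"; lines starting with "#" are comments.
DCERPC_LINE = re.compile(r"^\s*preprocessor\s+dcerpc\b", re.IGNORECASE)

class Finding(NamedTuple):
    affected_version: bool   # version appears in the article's affected list
    dcerpc_enabled: bool     # an uncommented dcerpc preprocessor line exists
    action: str              # remediation the article gives for this case

def dcerpc_is_enabled(conf_text: str) -> bool:
    """True if any uncommented line turns on the DCE/RPC preprocessor."""
    return any(DCERPC_LINE.match(line) for line in conf_text.splitlines())

def assess(version: str, conf_text: str) -> Finding:
    """Map a version string and a snort.conf body to the recommended action."""
    v = " ".join(version.lower().split())  # normalise case and whitespace
    enabled = dcerpc_is_enabled(conf_text)
    if v in UPGRADE_VERSIONS:
        return Finding(True, enabled, "upgrade to 2.6.1.3")
    if v == BETA_VERSION:
        action = ("disable the DCE/RPC preprocessor" if enabled
                  else "none: DCE/RPC preprocessor already disabled")
        return Finding(True, enabled, action)
    return Finding(False, enabled, "none: version not in the affected list")

# Constructed sample configurations (not taken from a real sensor).
CONF_ENABLED = """\
preprocessor frag3_global: max_frags 65536
preprocessor dcerpc: autodetect
"""
CONF_DISABLED = """\
preprocessor frag3_global: max_frags 65536
# preprocessor dcerpc: autodetect
"""

if __name__ == "__main__":
    for ver, conf in [("2.6.1.2", CONF_ENABLED), ("2.7.0 beta 1", CONF_ENABLED),
                      ("2.7.0 Beta 1", CONF_DISABLED), ("2.6.1.3", CONF_ENABLED)]:
        print(ver, "->", assess(ver, conf))
```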

Richard Thurston of ZDNet UK reported from London.

Talkback 2 comments

    And this is precisely why Open Source is superior. Anonymous -- 22/02/07

    SNORT is code.
    Code is written by humans.
    Humans make mistakes.
    Thus, all code ever written contains mistakes, as it was written by humans.
    Thus SNORT will contain mistakes or bugs as it contains code.
    With me so far?
    Now, the difference between Closed and Open source is.....*drum roll*
    Open Source bugs are revealed quicker and fixed faster !!
    There's no waiting for Patch Tuesday each month. In fact, I am very hard pressed to think of any instances where a high profile vulnerability in an Open Source project wasn't pretty well immediately fixed after being made public.
    Contrast this to most Closed Source code where the vulnerability is frequently sat on for weeks and weeks after discovery and a fix isn't rolled out for months in some cases.
    SNORT has a problem, the problem is discovered, the problem is fixed quickly, the problem goes away. This is a textbook example of how the Open Source model is better.

    Then why was ISS discovering that flaw in the first place? Anonymous -- 22/02/07 (in reply to #320075145)

    Open source projects tend not to have the capital to spend for either "rewarding" people who actively hunt for flaws in popular software products or the money to spend for dedicated researchers to secure *their* own product in the first place before the flaw becomes publicized.

    While it was only a few days (ISS had a filter on the 15th, Snort was updated on the 17th) I still see that as being a particularly lengthy exposure. Some comparisons between closed source security firms show that they regularly patch their flaws a lot quicker than this example has shown.

    One example at hand with say Tippingpoint with the SMS information disclosure flaw - announced 9th of May, but fixed 9 days prior.

    And that is why I *don't* rely on open source security products, even when I do use them as a small part of a multi-layered defense.
