Signature Detail

APP: Snort DCE RPC Processor Denial of Service

This signature detects attempts to exploit a known vulnerability in the Sourcefire Snort Intrusion Detection System. A successful attack can lead to a buffer overflow and denial of service.

Extended Description

Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets. An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash.

Affected Products

• Debian Linux 4.0
• Debian Linux 4.0 Alpha
• Debian Linux 4.0 Amd64
• Debian Linux 4.0 Arm
• Debian Linux 4.0 Hppa
• Debian Linux 4.0 Ia-32
• Debian Linux 4.0 Ia-64
• Debian Linux 4.0 M68k
• Debian Linux 4.0 Mips
• Debian Linux 4.0 Mipsel
• Debian Linux 4.0 Powerpc
• Debian Linux 4.0 S/390
• Debian Linux 4.0 Sparc
• Gentoo net-analyzer/snort 2.6.1
• Nortel Networks Threat Protection System Defense Center 4.1.0
• Nortel Networks Threat Protection System Defense Center 4.5
• Nortel Networks Threat Protection System Defense Center 4.6
• Nortel Networks Threat Protection System Intrusion Sensor 4.1.0
• Nortel Networks Threat Protection System Intrusion Sensor 4.5
• Nortel Networks Threat Protection System Intrusion Sensor 4.6
• Red Hat Enterprise Linux AS 4
• Red Hat Fedora Core7
• Snort Project Snort 2.6.1
• Snort Project Snort 2.6.1.1
• Snort Project Snort 2.6.1.2
• Snort Project Snort 2.7.0 beta 1
• SuSE openSUSE 10.1

References

• BugTraq: 22616
• CVE: CVE-2006-5276
• URL: http://secunia.com/advisories/24190/