Successful exploitation of this vulnerability could lead to execution of arbitrary commands on a system running the Snort sensor with the privileges of the user running the snort process (usually root), a denial of service attack against the snort sensor and possibly the implementation of IDS evasion techniques that would prevent the sensor from detecting attacks on the monitored network.
Tuesday, April 15, 2003
Snort 2.0 Stream4 Vulnerability
Here's a new reason to update to Snort 2.0 -- a vulnerability in the STREAM4 preprocessor. From the advisory: