Through the FrSIRT advisory I learned about the discovery of this vulnerability by A. Alejandro Hernández Hernández. An exploit is available to crash Snort. There is no indication at this time that the flaw can be used to interrupt program flow and take control of the system. The researcher used Fuzzball2 to send weird packets with Selective ACKnowledgement (SACK) options through Snort and find the exploit condition.
I am impressed by Sourcefire's response to this issue, as shown by the disclosure timeline:
- Flaw Discovered: 20/08/2005.
- Vendor Notification: 22/08/2005.
- Vendor Response: 23/08/2005.
- Date Published: 11/09/2005.
Sourcefire should have credited the researcher in their vulnerability announcement, however.
You can upgrade via CVS, wait for Snort 2.4.1, or not run Snort in verbose mode.