I just found out about the vulnerability in Snort DCE/RPC Preprocessor. This preprocessor is vulnerable to a stack-based buffer overflow that could potentially allow attackers to execute code with the same privileges as the Snort binary.
It affected the followings :
- Snort 2.6.1, 184.108.40.206, and 220.127.116.11
- Snort 2.7.0 beta 1
- Open-source Snort 2.6.1.x users are advised to upgrade to Snort 18.104.22.168 (or later) immediately.
- Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor in snort.conf file. This issue will be resolved in Snort 2.7 beta 2.