I just found out about the vulnerability in Snort DCE/RPC Preprocessor. This preprocessor is vulnerable to a stack-based buffer overflow that could potentially allow attackers to execute code with the same privileges as the Snort binary.
It affected the followings :
- Snort 2.6.1, 220.127.116.11, and 18.104.22.168
- Snort 2.7.0 beta 1
- Open-source Snort 2.6.1.x users are advised to upgrade to Snort 22.214.171.124 (or later) immediately.
- Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor in snort.conf file. This issue will be resolved in Snort 2.7 beta 2.