News in Brief
New TCP/IP vulnerability; kernel patch slows XP systems
The free, open source packet sniffing tool for detecting network intrusion detections, Snort, is subject to denial of service attacks or remote command execution on a host running Snort. Versions 1.8 to 1.9.1, as well as Snort CVS, are affected. Snort reports that “the Snort stream4 preprocessor incorrectly calculates segment size parameters during stream reassembly for certain sequence number ranges which can lead to an integer overflow that can be expanded to a heap overflow.”
If an attacker created and transmitted special TCP stream packets, when they flowed over a network monitored by Snort, they would cause the overflow.
Link to more information and patch: http://www.snort.org/
Patch Slows XP Computers, Microsoft Recommends Patching Anyway
As chronicled last week (http://info.101com.com/default.asp?id=1133), Microsoft issued a patch for a vulnerability arising from a flaw in the way the kernel passes error messages to a debugger. The kernel is the core of the operating system, supplying basic services for all other parts of the operating system.
The vulnerability affects Windows NT 4.0, 4.0 Terminal Server Edition, 2000, and XP.
Microsoft is currently working on a new patch and will re-release it after testing. In the meantime, it recommends users read the service bulletin and consider installing the patch anyway, as the patch does fix the security vulnerability.
The Microsoft Security Bulletin can be found here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-013.asp
Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.