Neel Metha of Internet Security Systems' (ISS) X-Force discovered a buffer overflow vulnerability in Snort, which according to ISS also affects Sourcefire--the commercial version of Snort. The vulnerability exists in the Back Orifice pre-processor and can be exploited with a single UDP packet. Such a packet could be sent directly to a system running Snort or Sourcefire. Because the tools can also inspect all traffic passing into a network an exploit might also be possible by sending a special UDP packet into a network protected by the tools.

Systems that do not use the Back Orifice pre-processor are not affected. Snort 2.4.3 was released to correct the problem. For more details about the problem in Snort read the announcement on the Web site and ISS' advisory . At the time of this writing no information was available about updates to Sourcefire.