Sourcefire Vulnerability Research Team Discovers OSSP shiela Vulnerability; Sourcefire Vulnerability Research Team Continues to Deliver Coverage Ahead of Threats.COLUMBIA, Md. -- Open source innovator, Sourcefire, Inc., a leader in network intrusion prevention See IPS and IDS. , today announced that it discovered a vulnerability in shiela, an open source access control and logging tool for Concurrent Versions System (programming) Concurrent Versions System - (CVS) A cross-platform code management system originally based on RCS. CVS tracks all revisions to a file in an associated file with the same name as the original file but with the string ",v" (for version) appended to the filename. (CVS (1) (Concurrent Versions System) A version control system for Unix that was initially developed as a series of shell scripts in the mid-1980s. CVS maintains the changes between one source code version and another and stores all the changes in one file. ). The Sourcefire(R) Vulnerability Research Team (VRT VRT Vita Radio Transport (communications standard / protocol) VRT Virus Removal Tools VRT Vehicle Registration Tax VRT Vehicle Reg Tax VRT Voltage Reduction Technology (Intel Corp) ) discovered a flaw within the command execution routines of Open Source Software Project (OSSP OSSP Open Source Software Project OSSP Organization Standard Software Process OSSP Organization's Set of Standard Processes OSSP Operations Systems Strategic Plan (Bellcore) OSSP Operating System Service Provider ) shiela prior to and including version 1.1.5, affecting CVS servers with OSSP shiela enabled. Sourcefire's VRT is chartered with researching new vulnerabilities and creating methods for detecting and preventing attempts to exploit them. The team utilizes advanced protocol modeling to write rules that detect many worms and malicious scripts exploiting underlying vulnerabilities. In this case, Sourcefire 3D System and Snort An open source network intrusion detection system (NIDS) that is noted for its effectiveness. Developed by Martin Roesch, Snort can also be used just as a packet logger or packet sniffer. For more information, visit www.snort.org. See IDS. (R) users were provided with an analysis of the vulnerability in advance of any known exploit and confirmation that OSSP shiela 1.1.7, which was released on July 25, 2006, addresses this vulnerability. OSSP shiela customers are encouraged to upgrade to version 1.1.7. "Sourcefire is dedicated to ensuring that our customers and the open source community are operating in the most secure environments possible and the Sourcefire Vulnerability Research Team is critical in delivering on this mission," said Martin Roesch, Sourcefire CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey. and creator of Snort. "Customers need to know that their security solutions are backed by a research team that proactively works to ensure the best protection possible. The Sourcefire VRT delivers protection against the latest threats, so that the Snort community and Sourcefire users are protected well before an exploit is released." Vulnerability Details In certain cases, this vulnerability could result in the remote execution of arbitrary commands, or total compromise of an affected machine. The flaw makes it possible to execute an arbitrary command on the CVS server, due to a shell command insertion attack. If a CVS repository with OSSP shiela enabled is accessible via pserver, non-shell users may be able to execute commands. Specifically, a user with the ability to commit files to a CVS repository would have the opportunity to execute arbitrary commands as that user. In addition, if CVS access via pserver is enabled, users with repository specific passwords can execute arbitrary commands as the real identity stored in the password file. Further information about this vulnerability and how to obtain Snort Rules is available at http://www.snort.org/rules/docs/vrt/shiela.html. Brian Caswell Brian Caswell (born 13 January 1954) is an Australian author. Biography Brian Caswell was born in a village called Gwernaffield in Wales,on the 13th of January, 1954. [1] [2]. His family moved to England, when he was 5 years old. , principal research engineer for the Sourcefire VRT, discovered the vulnerability and will be speaking about evasion of intrusion detection systems at next week's Black Hat convention in Las Vegas Las Vegas (läs vā`gəs), city (1990 pop. 258,295), seat of Clark co., S Nev.; inc. 1911. It is the largest city in Nevada and the center of one of the fastest-growing urban areas in the United States. , NV. Mr. Caswell will also be joined by HD Moore, founder of the Metasploit project The Metasploit Project is an open source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. and director of security research at BreakingPoint Systems. For more information on the Black Hat convention visit http://www.blackhat.com/html/bh-usa-06/bh-usa-06-schedule.html About the Sourcefire Vulnerability Research Team The Sourcefire VRT is comprised of intrusion prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the open source Snort community. Snort has been downloaded more than 3 million times and has over 100,000 active users. Sourcefire's award-winning Vulnerability Research Team in collaboration with the open source community, develops the official VRT Certified Snort Rules that are distributed on Snort.org. By collaborating with the open source community, the VRT is able to develop VRT Certified Snort Rules quickly while maintaining quality and performance. The rate at which users have downloaded the VRT Certified Snort Rules has tripled over the last year. The Sourcefire VRT Certified Rules represent the pinnacle of Snort Rules development and the optimum detection rule sets for Snort. About Sourcefire Sourcefire, Inc., a leader in intrusion prevention, enables organizations to manage and minimize network security risks with its 3D Approach - Discover, Determine, Defend - securing real networks in real-time. The company's network defense system unifies intrusion and vulnerability management technologies to provide customers with an effective network security solution. Founded in 2001 by the creator of open source Snort(R), Sourcefire is headquartered in Columbia, MD. SOURCEFIRE(R), SNORT(R), the Sourcefire logo, the Snort and Pig logo, SECURITY FOR THE REAL WORLD(TM), SOURCEFIRE DEFENSE CENTER(TM), SOURCEFIRE 3D(TM), RNA RNA: see nucleic acid. RNA in full ribonucleic acid One of the two main types of nucleic acid (the other being DNA), which functions in cellular protein synthesis in all living cells and replaces DNA as the carrier of genetic (TM) and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. and other countries. For more information about Sourcefire, please visit http://www.sourcefire.com. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion