Symtrex Inc.

Snare Agents Advisory – Agent Denial of Service

2015/06/30 by admin

New agents were released on June 30th; please see the release notes available at the client login page.

A vulnerability exists in some versions of the Snare agents that can be triggered to terminate the Snare service. The exploit attempts to overflow an input buffer in the remote management interface and can be performed by an unauthenticated user with a custom-crafted URL.

Impact
This vulnerability does not allow the attacker to gain privileged access, but it does affect the operation of the agent.

Vulnerable Products
This affects the following Snare Enterprise products:
– Snare Enterprise Agent for Windows
– Snare Enterprise Agent for MSSQL
– Snare Enterprise Epilog for Windows
– Snare Enterprise Epilog for Unix
– Snare Enterprise Agent for OSX
– Snare OpenSource Agents

Countermeasures
– Disabling the remote control interface (GUI) will block this issue. Note that disabling the remote control interface will also prevent the agent management console from managing the affected agent.
– Appropriate network firewall controls will limit the sources from which this exploit can be triggered.
– Some Unix operating systems can detect the attack as a potential SYN flood and block the source system.

Vulnerable Versions
The following versions of Snare Enterprise agents, and all versions prior to these versions, should be considered vulnerable to this issue:
– Snare Enterprise Agent for Windows v4.2.12
– Snare Enterprise Agent for MSSQL v1.3.4
– Snare Enterprise Epilog for Windows v1.7.12
– Snare Enterprise Epilog for Unix v1.5.5
– Snare Enterprise Agent for OSX v1.1.3

All versions of the listed OpenSource/SnareLite agents, and prior versions, should be considered vulnerable to this issue:
– Snare OpenSource Agent for Windows v4.0.2.0
– Snare OpenSource Epilog for Windows v1.6.0
– Snare OpenSource Epilog for Unix v1.5.0

Patched Versions
The following versions of the Snare Enterprise agents have been patched, and are no longer vulnerable to this issue:
– Snare Enterprise Agent for Windows v4.3.0
– Snare Enterprise Agent for MSSQL v1.4.0
– Snare Enterprise Epilog for Windows v1.8.0
– Snare Enterprise Epilog for Unix v1.5.6
– Snare Enterprise Agent for OSX v1.1.4

For users who are running the OpenSource/SnareLite agents, it is recommended that the remote control interface be disabled. There is no schedule for fixes to the OpenSource/SnareLite agents at this time.
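To apply the version lists above to an agent inventory, the following added example (not code from Snare or Symtrex) classifies each installed agent against the advisory's thresholds. It assumes that releases newer than the listed patched versions keep the fix; the host names and the inventory rows are constructed, and any version the advisory does not cover is reported as unverified instead of being guessed.

```python
# Added example: thresholds transcribed from the advisory's version lists.
# product -> (last version listed as vulnerable, first patched version or None)
ADVISORY = {
    "Snare Enterprise Agent for Windows": ("4.2.12", "4.3.0"),
    "Snare Enterprise Agent for MSSQL": ("1.3.4", "1.4.0"),
    "Snare Enterprise Epilog for Windows": ("1.7.12", "1.8.0"),
    "Snare Enterprise Epilog for Unix": ("1.5.5", "1.5.6"),
    "Snare Enterprise Agent for OSX": ("1.1.3", "1.1.4"),
    "Snare OpenSource Agent for Windows": ("4.0.2.0", None),  # no fix scheduled
    "Snare OpenSource Epilog for Windows": ("1.6.0", None),
    "Snare OpenSource Epilog for Unix": ("1.5.0", None),
}

def parse_version(text):
    """'v4.2.12' -> (4, 2, 12); trailing zeros dropped so 4.0.2.0 == 4.0.2."""
    parts = [int(p) for p in text.strip().lstrip("vV").split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def classify(product, version):
    """Return vulnerable, vulnerable-no-fix, patched, unverified or not-listed."""
    if product not in ADVISORY:
        return "not-listed"
    last_vuln, first_patched = ADVISORY[product]
    try:
        v = parse_version(version)
    except ValueError:
        return "unverified"  # unparseable version string: check by hand
    if v <= parse_version(last_vuln):
        return "vulnerable" if first_patched else "vulnerable-no-fix"
    if first_patched and v >= parse_version(first_patched):
        return "patched"  # assumption: later releases keep the fix
    return "unverified"  # between the two lists, or a newer OpenSource build

def triage(inventory):
    return [(h, p, ver, classify(p, ver)) for h, p, ver in inventory]

# Constructed sample inventory (hypothetical host names).
SAMPLE = [
    ("host-a", "Snare Enterprise Agent for Windows", "v4.2.12"),
    ("host-b", "Snare Enterprise Epilog for Unix", "1.5.6"),
    ("host-c", "Snare OpenSource Agent for Windows", "4.0.2"),
    ("host-d", "Snare Enterprise Agent for Windows", "4.2.13"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("%-8s %-38s %-9s %s" % row)
```

Agents reported as vulnerable-no-fix are the OpenSource/SnareLite builds, for which the advisory's recommendation is to disable the remote control interface.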

Filed Under: Log Management, Security News, Snare, Snare Agents
