Security researchers have discovered a flaw in Snort, the open-source intrusion detection system that could be used by attackers to run malicious code.

The stack buffer overflow bug is in the Snort (or Sourcefire) DCE/RPC preprocessor, said Neel Mehta, a member of IBM's Internet Security Systems X-Force research team. Mehta discovered the vulnerability, which could result in compromised or hijacked computers.

Danish security company Secunia rated the threat as "highly critical," the second-most-serious ranking in its 1-through-5 scoring system.

Several versions of Snort, which is the foundation of Sourcefire's security appliance line, are at risk, according to other advisories posted by US-CERT and the SANS Institute's Internet Storm Center. The vulnerable versions include Snort 2.6.1,,, and 2.7.0 Beta 1.

Sourcefire urged users of Snort 2.6.1.x to update to Version "immediately"; if upgrading isn't feasible, the DCE/RPC preprocessor should be disabled. Instructions for disabling the preprocessor are available online.

No working exploit for the vulnerability has been spotted yet, Sourcefire said.