It has been reported that Snort is prone to a weakness that may cause an analyst or the correlation engine to improperly identify a signature. It has been reported that due to unspecified circumstances, the application may incorrectly classify network traffic with a "MS-SQL Worm propagation attempt" label or other labels. Under some circumstances, misreported traffic may be incorrectly flagged as innocuous.
not vulnerable Snort Project Snort 2.1.1 RC1
dumpadm , coreadm