I read some posts about some bugs with snort so I basically did some more investigation and I realized that I can crash snort with a number of hand crafted packets.

Now the bottom line was that it is basically seg-faulting because of a null pointer exception. So from what I know that means there is no way to exploit in a way to run arbitrary commands and the only thing you could do is dos the program.

Or is there a way to exploit a null pointer? I googled around and I read some stuff about lynxOS being vulnerable to null pointer exceptions. Im not really sure how that would work, I mean you cant influnece the run time stack right?. Is it completely impossible or are there ways to execute commands this way?