-
February 27th, 2006, 09:19 PM
#1
Heads up on SNORT
Posted today:
A vulnerability in Snort has been reported, which potentially can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an error in the frag3 preprocessor which causes snort to skip "ip_option_length" bytes from the end of the IP options when reassembling a packet. This can potentially be exploited to bypass signature detection via certain specially-crafted fragmented packets.
The vulnerability has been reported in version 2.4.3. Other versions may also be affected.
posted HERE
Cheers:
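The advisory quoted in post #1 concerns fragmented packets that also carry IP options. As an added triage example (not part of the original post, the advisory, or Snort's code), the following parses IPv4 headers and counts the ones that are both fragments and carry options, so they can be reviewed separately on sensors running an affected version. Function names, sample headers and addresses are constructed for illustration.

```python
import struct

MF_FLAG = 0x2000      # "more fragments" bit in the flags/offset field
OFFSET_MASK = 0x1FFF  # fragment offset, in 8-byte units

def build_ipv4_header(options=b"", more_fragments=False, frag_offset=0):
    """Constructed sample header (checksum left at 0); hypothetical helper."""
    if len(options) % 4:
        raise ValueError("options must be padded to a multiple of 4 bytes")
    ihl = 5 + len(options) // 4
    flags_frag = (MF_FLAG if more_fragments else 0) | (frag_offset & OFFSET_MASK)
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 8, 0x1234,
                        flags_frag, 64, 17, 0,
                        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return fixed + options

def inspect_ipv4(header):
    """Return option/fragment facts for one IPv4 header, or None if malformed."""
    if len(header) < 20:
        return None
    ver_ihl, _tos, _total, ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or len(header) < ihl * 4:
        return None
    option_len = ihl * 4 - 20  # bytes of IP options after the fixed header
    is_fragment = bool(flags_frag & MF_FLAG) or (flags_frag & OFFSET_MASK) != 0
    return {"id": ident, "option_len": option_len, "is_fragment": is_fragment,
            "review": is_fragment and option_len > 0}

def count_for_review(headers):
    """Count headers that are both fragments and carry IP options."""
    total = 0
    for header in headers:
        facts = inspect_ipv4(header)
        if facts is not None and facts["review"]:
            total += 1
    return total

NOP_PADDED = b"\x01\x01\x01\x00"  # three NOP options and End of Option List
SAMPLES = [  # constructed headers, not captured traffic
    build_ipv4_header(),
    build_ipv4_header(options=NOP_PADDED),
    build_ipv4_header(more_fragments=True),
    build_ipv4_header(options=NOP_PADDED, more_fragments=True),
    build_ipv4_header(options=NOP_PADDED, frag_offset=3),
]

if __name__ == "__main__":
    print(count_for_review(SAMPLES), "of", len(SAMPLES), "headers need review")
```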
-
February 27th, 2006, 10:22 PM
#2
I'm not seeing this issue anywhere else (SANS, f-Secure, etc.). Has it been verified at other sources you know of?
Thanks.
-
February 27th, 2006, 10:33 PM
#3
Originally posted here by rapier57
I'm not seeing this issue anywhere else (SANS, f-Secure, etc.). Has it been verified at other sources you know of?
Thanks.
Still researching, thought I'd post anyways, the site where it is posted has a good rep.
Cheers:
-
February 28th, 2006, 01:47 AM
#4
I found it on US-CERT: CVE-2006-0839. References SecurityFocus and a Bugtraq ID: 16705, Feb 17, 2006.
"Currently, we are not aware of any exploits for this vulnerability."
(http://www.us-cert.gov/cas/bulleting...ml#snortbypass)
-
February 28th, 2006, 03:58 PM
#5
Hi rapier57, the link you posted seems to be broken (at least for me it is). Can you find it again?
Cheers:
-
February 28th, 2006, 04:59 PM
#6
Here it is.
It appears that rapier's link had 'bulletings' in it..
Cheers,
-jk
-
February 28th, 2006, 10:11 PM
#7
Ooops, sorry, I was typing it in from another system. Old fingers ... they stumble around.