February 27th, 2006, 09:19 PM
Heads up on SNORT
A vulnerability in Snort has been reported, which potentially can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an error in the frag3 preprocessor which causes snort to skip "ip_option_length" bytes from the end of the IP options when reassembling a packet. This can potentially be exploited to bypass signature detection via certain specially-crafted fragmented packets.
The vulnerability has been reported in version 2.4.3. Other versions may also be affected.