Results 1 to 7 of 7

Thread: Heads up on SNORT

  1. #1
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867

    Heads up on SNORT

    Posted today:

    A vulnerability in Snort has been reported, which potentially can be exploited by malicious people to bypass certain security restrictions.
    The vulnerability is caused due to an error in the frag3 preprocessor which causes snort to skip "ip_option_length" bytes from the end of the IP options when reassembling a packet. This can potentially be exploited to bypass signature detection via certain specially-crafted fragmented packets.
    The vulnerability has been reported in version 2.4.3. Other versions may also be affected.
    posted HERE

    Cheers:
    DjM

  2. #2
    I'm not seeing this issue anywhere else (SANS, f-Secure, etc.). Has it been verified at other sources you know of?

    Thanks.

  3. #3
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by rapier57
    I'm not seeing this issue anywhere else (SANS, f-Secure, etc.). Has it been verified at other sources you know of?

    Thanks.
    Still researching, thought I'd post anyways, the site where it is posted has a good rep.


    Cheers:
    DjM

  4. #4
    I found it on US-CERT: CVE-2006-0839. References SecurityFocus and a Bugtraq ID: 16705, Feb 17, 2006.

    "Currently, we are not aware of any exploits for this vulnerability."

    (http://www.us-cert.gov/cas/bulleting...ml#snortbypass)

  5. #5
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by rapier57
    I found it on US-CERT: CVE-2006-0839. References SecurityFocus and a Bugtraq ID: 16705, Feb 17, 2006.

    "Currently, we are not aware of any exploits for this vulnerability."

    (http://www.us-cert.gov/cas/bulleting...ml#snortbypass)
    Hi rapier57, the link you posted seems to be broke (at least for me it is) can you find it again?

    Cheers:
    DjM

  6. #6
    Senior Member
    Join Date
    Jul 2004
    Posts
    548
    Here it is.

    It appears that rapier's link had 'bulletings' in it..

    Cheers,

    -jk

  7. #7
    Ooops, sorry, I was typing it in from another system. Old fingers ... they stumble around.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •