Snort mailing list archives
Remote Vulnerability in Snort - Fix and Workaround Available
From: Jennifer Steffens <jennifer.steffens () sourcefire com>
Date: Mon, 12 Sep 2005 18:27:58 -0400
Hey everyone,A vulnerability was found in PrintTcpOptions() function located in snort-2.4.0/src/log.c that could allow an attacker to craft a malformed TCP/IP packet and potentially cause a DoS in Snort. This vulnerability is only present in the rare instances that Snort is run in verbose mode (using the switch -v).
Details:An attacker can exploit this vulnerability with malicious TCP traffic containing a bad TCP SACK option causing the Snort engine to crash. Restarting Snort will cause the engine to return to normal functionality.
Fix and Workaround Details:A fix for this vulnerability was checked into the Snort 2.4 CVS tree on August 23rd, 2005 and is available for download at http://www.snort.org/pub-bin/snapshots.cgi. This fix will also be included in the upcoming 2.4.1 release. Users who do not wish to upgrade can simply choose not to run Snort in verbose mode to avoid being vulnerable.
Questions? Let us know at snort-team () sourcefire com. Thanks, Jennifer -- Jennifer Steffens Director, Product Management - Snort Sourcefire, Inc ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Remote Vulnerability in Snort - Fix and Workaround Available Jennifer Steffens (Sep 12)