[Snort-devel] Snort DoS vulnerability
maetrics at ...1052...
Thu Jan 10 22:40:01 EST 2002
Snort Denial of Service Vulnerability
by Sinbad and Chris Gragsone
Date: January 11, 2002
Advisory ID: Foot-20020111
Impact of vulnerability: Denial of Service
Maximum Risk: Moderate
Snort is an open source network intrusian detection system, capable of
performing real-time traffic analysis and packet
logging on IP networks.
Snort is vulnerable to an attack, when displaying the application layer
data. If an ICMP Echo or Echo-Reply has less
than 5 bytes of ICMP data, it causes a buffer overflow do to an
oversized len variable.
Hey marty see you at the next wargame =)
while snort running "snort -dv"
icmp -s1 <target network>
Patch a patch can be found at... http://footclan.realwarp.net/snort.patch
http://footclan.realwarp.net Sinbad (securitymail at ...561...) Chris
Gragsone (maetrics at ...1052...)
The contents of this advisory are copyright (c)2001 Foot Clan and may be
distributed freely provided that no fee is
charged for this distribution and proper credit is given.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the Snort-devel