[Snort-devel] Snort DoS vulnerability

Chris Gragsone maetrics at ...1052...
Thu Jan 10 22:40:01 EST 2002

				Snort Denial of Service Vulnerability

                                       by Sinbad and Chris Gragsone
                                                Foot Clan

Date: January 11, 2002
Advisory ID: Foot-20020111
Impact of vulnerability: Denial of Service
Exploitable: Remotely
Maximum Risk: Moderate

Affected Software:
Snort v1.8.3

Vulnerability Description:

Snort is an open source network intrusion detection system, capable of
performing real-time traffic analysis and packet logging on IP networks.

Snort is vulnerable to an attack when displaying the application layer
data. If an ICMP Echo or Echo-Reply has less than 5 bytes of ICMP data,
it causes a buffer overflow due to an oversized len variable.

Hey marty see you at the next wargame =)

Vulnerability Reproduction:
While Snort is running as "snort -dv":

icmp -s1 <target network>

Patch:
A patch can be found at http://footclan.realwarp.net/snort.patch

http://footclan.realwarp.net
Sinbad (securitymail at ...561...)
Chris Gragsone (maetrics at ...1052...)

The contents of this advisory are copyright (c)2001 Foot Clan and may be
distributed freely provided that no fee is charged for this distribution
and proper credit is given.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: snort.patch
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20020110/a049d5c5/attachment.ksh>
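
A defensive length check for the condition described in the advisory, as an added example (not code from the advisory, the attached patch, or Snort itself). It classifies a raw packet and flags ICMP Echo / Echo-Reply packets with fewer than 5 data bytes, validating every length before subtracting so the result cannot become oversized. Assumptions: the buffer starts at an unfragmented IPv4 header, "ICMP data" means the bytes after the 8-byte echo header, and all function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ICMP_ECHOREPLY 0
#define ICMP_ECHO      8
#define ICMP_ECHO_HDR  8  /* type, code, checksum, id, seq; data assumed to follow */
#define MIN_ECHO_DATA  5  /* threshold named in the advisory */

enum { PKT_MALFORMED = -1, PKT_IGNORE, PKT_OK, PKT_SHORT_ECHO };

/* Classify a raw, unfragmented IPv4 packet (assumption). Each length is
 * validated before it is subtracted, so *data_len can never wrap around. */
int classify_icmp_echo(const uint8_t *pkt, size_t caplen, size_t *data_len)
{
    *data_len = 0;
    if (caplen < 20 || (pkt[0] >> 4) != 4)
        return PKT_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || total < ihl || total > caplen)
        return PKT_MALFORMED;
    if (pkt[9] != 1)                       /* IP protocol 1 = ICMP */
        return PKT_IGNORE;
    size_t icmp_len = total - ihl;         /* safe: total >= ihl */
    if (icmp_len == 0)
        return PKT_MALFORMED;
    uint8_t type = pkt[ihl];               /* in bounds: ihl < total <= caplen */
    if (type != ICMP_ECHO && type != ICMP_ECHOREPLY)
        return PKT_IGNORE;
    if (icmp_len < ICMP_ECHO_HDR)
        return PKT_MALFORMED;
    *data_len = icmp_len - ICMP_ECHO_HDR;  /* safe: checked above */
    return *data_len < MIN_ECHO_DATA ? PKT_SHORT_ECHO : PKT_OK;
}

/* Constructed sample input: minimal IPv4 + ICMP echo header, n data bytes.
 * buf must hold at least 28 + n bytes. */
size_t build_echo(uint8_t *buf, uint8_t type, size_t n)
{
    size_t total = 20 + ICMP_ECHO_HDR + n;
    memset(buf, 0, total);
    buf[0] = 0x45;                         /* IPv4, 20-byte header */
    buf[2] = (uint8_t)(total >> 8);
    buf[3] = (uint8_t)(total & 0xff);
    buf[9] = 1;                            /* ICMP */
    buf[20] = type;
    return total;
}
```

A sensor or pre-filter can log PKT_SHORT_ECHO results to spot the traffic described above; PKT_MALFORMED covers packets whose declared lengths do not fit the captured bytes.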
