[Snort-devel] Snort DoS vulnerability

Chris Gragsone maetrics at ...1052...
Thu Jan 10 22:40:01 EST 2002


				Snort Denial of Service Vulnerability

                                       by Sinbad and Chris Gragsone
                                                Foot Clan

Date: January 11, 2002
Advisory ID: Foot-20020111
Impact of vulnerability: Denial of Service
Exploitable: Remotely
Maximum Risk: Moderate

Affected Software:
Snort v1.8.3

Vulnerability Description:

Snort is an open source network intrusion detection system, capable of 
performing real-time traffic analysis and packet
logging on IP networks.

Snort is vulnerable to an attack when displaying the application layer 
data. If an ICMP Echo or Echo-Reply has less
than 5 bytes of ICMP data, it causes a buffer overflow due to an 
oversized len variable.

Hey marty see you at the next wargame =)

Vulnerability Reproduction:
While Snort is running as "snort -dv":

icmp -s1 <target network>

Patch:
A patch can be found at http://footclan.realwarp.net/snort.patch

References:
http://www.snort.org/

Contact:
http://footclan.realwarp.net Sinbad (securitymail at ...561...) Chris 
Gragsone (maetrics at ...1052...)

Disclaimer:
The contents of this advisory are copyright (c)2001 Foot Clan and may be 
distributed freely provided that no fee is
charged for this distribution and proper credit is given.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: snort.patch
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20020110/a049d5c5/attachment.ksh>
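Added example, not part of the advisory and not Snort's source code: a sketch of how an oversized len can arise when a decoder subtracts a header size from an unsigned length without checking it first, next to a hardened form that rejects truncated Echo/Echo-Reply messages. The function names, the 8-byte echo header constant (RFC 792 layout) and the sample packets are assumptions made for illustration; the advisory does not show how Snort 1.8.3 computes its len.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ICMP_ECHOREPLY 0
#define ICMP_ECHO      8
#define ICMP_ECHO_HDR  8u  /* RFC 792: type, code, checksum (4) + id, seq (4) */

/* Hypothetical unchecked form: a 16-bit unsigned length minus the header
 * size wraps around when the message is shorter than the header. */
static uint16_t echo_len_unchecked(uint16_t icmp_len)
{
    return (uint16_t)(icmp_len - ICMP_ECHO_HDR);
}

/* Hardened form: reject truncated Echo/Echo-Reply messages before any
 * subtraction. Returns 0 and sets *data and *len on success, -1 otherwise. */
static int echo_payload(const uint8_t *icmp, size_t icmp_len,
                        const uint8_t **data, size_t *len)
{
    if (icmp == NULL || icmp_len < 1)
        return -1;
    if (icmp[0] != ICMP_ECHO && icmp[0] != ICMP_ECHOREPLY)
        return -1;                      /* not an echo message */
    if (icmp_len < ICMP_ECHO_HDR)
        return -1;                      /* truncated: nothing to display */
    *data = icmp + ICMP_ECHO_HDR;
    *len  = icmp_len - ICMP_ECHO_HDR;   /* cannot wrap after the check */
    return 0;
}

/* Constructed samples: a 5-byte truncated Echo and a 12-byte Echo. */
static const uint8_t SHORT_ECHO[5] = { 8, 0, 0xf7, 0xff, 0 };
static const uint8_t FULL_ECHO[12] = { 8, 0, 0, 0, 0, 1, 0, 1,
                                       'p', 'i', 'n', 'g' };

int main(void)
{
    const uint8_t *d = NULL;
    size_t n = 0;

    printf("unchecked len for 5-byte message: %u\n",
           (unsigned)echo_len_unchecked(sizeof SHORT_ECHO));
    printf("checked, short: %d\n",
           echo_payload(SHORT_ECHO, sizeof SHORT_ECHO, &d, &n));
    if (echo_payload(FULL_ECHO, sizeof FULL_ECHO, &d, &n) == 0)
        printf("checked, full: %zu payload bytes\n", n);
    return 0;
}
```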

