[Snort-devel] [Snort-users] Snort 2.20 Denial Of Service Exploit
nnposter at ...64...
Thu Dec 23 18:35:01 EST 2004
"M. Shirk" <shirkdog_list at ...445...> wrote
> I have not verified this, but saw it before leaving the house this morning.
> This is from http://isc.incidents.org
> Snort 2.20 Denial of Service exploit posted
> K-OTik notified us of this exploit for Snort 2.2 and
> It will core dump a running Snort process with a specially crafted packed.
> The recommended fix is to upgrade to Snort 2.3 RC1 or better which various
> handlers have reported is stable. This particular exploit works with
> Linux-based distributions, but not BSD-based. (We tried RHEL3, Debian, and
FWIW, my experience is that the exploit packet with TCP options 0x0600ffff will crash snort 2.1.3 in the sniffer mode (-v) but not in the IDS mode (at least with my configuration file). The logged event is 116:55:1 (snort_decoder): Truncated Tcp Options.
More information about the Snort-devel