[Snort-users] Remote Vulnerability in Snort - Fix and Workaround Available
jennifer.steffens at ...1935...
Mon Sep 12 15:29:00 EDT 2005
A vulnerability was found in PrintTcpOptions() function located in
snort-2.4.0/src/log.c that could allow an attacker to craft a malformed
TCP/IP packet and potentially cause a DoS in Snort. This vulnerability
is only present in the rare instances that Snort is run in verbose mode
(using the switch -v).
An attacker can exploit this vulnerability with malicious TCP traffic
containing a bad TCP SACK option causing the Snort engine to crash.
Restarting Snort will cause the engine to return to normal functionality.
Fix and Workaround Details:
A fix for this vulnerability was checked into the Snort 2.4 CVS tree on
August 23rd, 2005 and is available for download at
http://www.snort.org/pub-bin/snapshots.cgi. This fix will also be
included in the upcoming 2.4.1 release. Users who do not wish to upgrade
can simply choose not to run Snort in verbose mode to avoid being
Questions? Let us know at snort-team at ...3990...
Director, Product Management - Snort
More information about the Snort-users