Monday, September 12, 2005

Snort SACK TCP Option Handling Remote Denial of Service Issue

Via FrSIRT.

FrSIRT Advisory : FrSIRT/ADV-2005-1721
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-09-12

* Technical Description *

A vulnerability has been identified in Snort, which could be exploited by remote attackers to cause a denial of service. This flaw is due to an error in the "PrintTcpOptions()" function [log.c] that does not properly handle specially crafted TCP packets containing malformed SACK options, which could be exploited by remote attackers to crash a vulnerable application. Note : This vulnerability exists only when Snort is run in verbose mode.
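The kind of length validation an option printer needs before touching SACK data, as an added example: this is not Snort's code and not the CVS fix. The function name print_sack_blocks and the sample option bytes are constructed for illustration; the SACK layout (kind 5, length 2 + 8*n) is from RFC 2018.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { TCPOPT_EOL = 0, TCPOPT_NOP = 1, TCPOPT_SACK = 5 }; /* SACK: RFC 2018 */

/* Constructed sample option bytes (not captured traffic). */
static const uint8_t sack_ok[]    = {1, 1, 5, 10, 0, 0, 0x03, 0xE8, 0, 0, 0x07, 0xD0};
static const uint8_t sack_short[] = {1, 1, 5, 10, 0, 0, 0x03, 0xE8}; /* claims 10, has 6 */
static const uint8_t sack_empty[] = {5, 2, 1, 1};                    /* no block at all */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Hypothetical helper: prints SACK blocks to out (may be NULL) and returns
 * the block count, or -1 as soon as any option length is inconsistent. */
int print_sack_blocks(const uint8_t *opts, size_t len, FILE *out)
{
    size_t i = 0;
    int blocks = 0;
    if (opts == NULL || len > 40)          /* at most 40 option bytes in a TCP header */
        return -1;
    while (i < len && opts[i] != TCPOPT_EOL) {
        if (opts[i] == TCPOPT_NOP) { i++; continue; }
        if (len - i < 2)                   /* no room for the length byte */
            return -1;
        size_t olen = opts[i + 1];
        if (olen < 2 || olen > len - i)    /* option must fit in the bytes present */
            return -1;
        if (opts[i] == TCPOPT_SACK) {
            if (olen < 10 || (olen - 2) % 8 != 0)
                return -1;                 /* refuse to print a malformed SACK */
            for (size_t p = i + 2; p < i + olen; p += 8, blocks++)
                if (out)
                    fprintf(out, "SACK %lu-%lu ", (unsigned long)be32(opts + p),
                            (unsigned long)be32(opts + p + 4));
        }
        i += olen;
    }
    return blocks;
}

int main(void)
{
    int ok = print_sack_blocks(sack_ok, sizeof sack_ok, stdout);
    int bad = print_sack_blocks(sack_short, sizeof sack_short, stdout);
    printf("\nvalid: %d, truncated: %d, empty: %d\n", ok, bad,
           print_sack_blocks(sack_empty, sizeof sack_empty, stdout));
    return 0;
}
```

Every length is checked against the bytes actually present before any block is read, so a malformed option produces an error return instead of a read through bad data.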

* Affected Products *

Snort version 2.4.0 and prior

* Solution *

A fix is available via CVS :
http://www.snort.org/pub-bin/snapshots.cgi

* References *

http://www.frsirt.com/english/advisories/2005/1721
http://www.vulnfact.com/advisories/snort_adv.html


