Info

Disclosure

Oct 18, 2005

Discovery

Unknown

Dates

Exploit

Oct 25, 2005

Solution

Unknown

Description

A remote overflow exists in Snort. The Back Orifice Pre-Processor fails to validate UDP packets resulting in a stack overflow. With a specially crafted UDP packet, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Security Software

Solution

Upgrade to version 2.4.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Sourcefire, Inc.	Snort	2.4.0
		2.4.1
		2.4.2

References

Security Tracker: 1015070
Milw0rm: 1272 1313
Exploit Database: 1272 1313
Secunia Advisory ID: 17220 17255 17559
CERT VU: 175500
SCIP VulDB ID: 1825
Metasploit ID: 20034
CVE ID: 2005-3252 (see also: NVD)
VUPEN Advisory: ADV-2005-2138
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0505.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0010.html
Generic Exploit URL: http://immunitysec.com
http://www.saintcorporation.com/cgi-bin/exploit_info/snort_back_orifice
http://www.thc.org/exploits/THCsnortbo.c
Generic Informational URL: http://isc.sans.org/diary.php?storyid=782
http://www.eweek.com/article2/0,1895,1872640,00.asp
http://www.networkworld.com/news/2005/101805-snort.html
Vendor Specific Advisory URL: http://www.novell.com/linux/security/advisories/2005_26_sr.html
http://www.snort.org/pub-bin/snortnews.cgi#99
http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=362187&RenditionID=
Other Advisory URL: http://xforce.iss.net/xforce/alerts/id/207
US-CERT Cyber Security Alert: TA05-291A

Credit

Neel Mehta - -

Direct URL: http://osvdb.org/20034

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Sourcefire, Inc.

Snort

References

Credit