Tuesday, November 29, 2005

Snort Sign

Snort SACK TCP Option Handling Remote Denial of Service Issue

A vulnerability has been identified in Snort that remote attackers could exploit to cause a denial of service. The flaw is an error in the "PrintTcpOptions()" function [log.c], which does not properly handle specially crafted TCP packets containing malformed SACK options and can be made to crash a vulnerable application. Note: This vulnerability exists only when Snort is run in verbose mode.

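# Alerts on TCP packets from port 31337 to port 64876 with seq 0, ack 0,
# window 65535 and an empty payload.
# "snort-DOS attempt" is not a stock classtype; it has to be defined in
# classification.config before this rule will load.
alert tcp $EXTERNAL_NET 31337 -> $HOME_NET 64876 \
(msg:"malformed-Sack--SnortDoS-by-$um$id"; \
seq:0; ack:0; window:65535; dsize:0; \
sid:5000009211; rev:1; \
classtype: snort-DOS attempt;)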
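
The advisory does not say which malformation triggers the crash, so the following added example (not Snort's code and not from the advisory) shows the general defensive pattern instead: a TCP option walker that validates every length byte before use and applies the RFC 2018 SACK constraints. The function name, the error codes and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCPOPT_EOL  0
#define TCPOPT_NOP  1
#define TCPOPT_SACK 5

/* Hypothetical error codes; non-negative return = number of SACK blocks. */
enum { OPTS_TRUNCATED = -1, OPTS_BAD_LEN = -2, OPTS_BAD_SACK = -3 };

/* Walk the TCP options area (bytes after the 20-byte fixed header) and
 * refuse any option whose length field cannot be trusted. */
int count_sack_blocks(const uint8_t *opts, size_t len)
{
    size_t i = 0;
    int blocks = 0;
    while (i < len) {
        uint8_t kind = opts[i];
        if (kind == TCPOPT_EOL) break;
        if (kind == TCPOPT_NOP) { i++; continue; }
        if (i + 1 >= len) return OPTS_TRUNCATED;  /* no room for a length byte */
        size_t olen = opts[i + 1];
        if (olen < 2) return OPTS_BAD_LEN;        /* would stall or underflow */
        if (olen > len - i) return OPTS_TRUNCATED; /* runs past the options area */
        if (kind == TCPOPT_SACK) {
            /* RFC 2018: kind + length, then 1 to 4 blocks of 8 bytes each */
            size_t body = olen - 2;
            if (body == 0 || body % 8 != 0 || body / 8 > 4) return OPTS_BAD_SACK;
            blocks += (int)(body / 8);
        }
        i += olen;
    }
    return blocks;
}

/* Constructed sample option areas (not captured traffic). */
static const uint8_t sample_valid[]   = {1, 1, 5, 10, 0,0,0,1, 0,0,0,2};
static const uint8_t sample_empty[]   = {5, 2};                 /* SACK, no blocks */
static const uint8_t sample_ragged[]  = {5, 7, 0,0,0,1, 0};     /* body of 5 bytes */
static const uint8_t sample_overrun[] = {5, 10, 0,0,0,1};       /* claims 10, has 6 */
static const uint8_t sample_zerolen[] = {5, 0, 0, 0};           /* length byte 0 */

int main(void)
{
    printf("valid=%d empty=%d ragged=%d overrun=%d zerolen=%d\n",
           count_sack_blocks(sample_valid, sizeof sample_valid),
           count_sack_blocks(sample_empty, sizeof sample_empty),
           count_sack_blocks(sample_ragged, sizeof sample_ragged),
           count_sack_blocks(sample_overrun, sizeof sample_overrun),
           count_sack_blocks(sample_zerolen, sizeof sample_zerolen));
    return 0;
}
```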

References: FrSIRT Advisory FrSIRT/ADV-2005-1721