[CVE-2008-1804] Snort IP fragment TTL evasion vulnerability
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
snort (Ubuntu) | Fix Released | Low | Unassigned |
Gutsy | Won't Fix | Undecided | Unassigned |
Hardy | Won't Fix | Undecided | Unassigned |
Bug Description
Binary package hint: snort
CVE-2008-1804 description:
"Remote exploitation of a design error vulnerability in Snort [...] could allow an attacker to bypass filter rules.
Due to a design error vulnerability, Snort does not properly reassemble fragmented IP packets. When receiving incoming fragments, Snort checks the Time To Live (TTL) value of the fragment, and compares it to the TTL of the initial fragment. If the difference between the initial fragment and the following fragments is more than a configured amount, the fragments will be silently discarded. This results in valid traffic not being examined and/or filtered by Snort."
[...]
"iDefense has confirmed the existence of this vulnerability in Snort 2.8 and 2.6. Snort 2.4 is not vulnerable."
http://
"preprocessors/
Changed in snort:
importance: Undecided → Low
status: New → Confirmed
This bug was fixed in the package snort - 2.7.0-19ubuntu1
---------------
snort (2.7.0-19ubuntu1) intrepid; urgency=low
* src/preprocessors/flow/portscan/server_stats.c:
- Specify mode permission during open call, fix FTBFS.
* Apply patch from upstream CVS to let frag3 to remove enforcement of
ttl_limit. Add preprocessor alert for min_ttl anomaly (LP: #235901).
* References:
- CVE-2008-1804
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1804
snort (2.7.0-19) unstable; urgency=low
* Make the snort_rules_update example script use bash instead of sh.
(Closes: #489662)
snort (2.7.0-18) unstable; urgency=low
* Romain debconf translation provided by Eddy Petrior (Closes: 486137)
* Swedish debconf translation provided by Martin Bagge (Closes: 491785)
-- Luca Falavigna <email address hidden> Mon, 15 Sep 2008 21:22:19 +0200
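
The TTL comparison from the CVE description and the alert-based handling named in the changelog, side by side as an added model (not Snort's frag3 source, and not part of the bug report). The struct, the function names, the sample fragments and the settings 5, 1 and 50 are assumptions, as is treating the first array entry as the initial fragment.

```c
#include <stdio.h>

/* Hypothetical model for illustration; not Snort's frag3 source. */
struct frag { unsigned ip_id, offset, ttl; };
struct outcome { int inspected, silently_dropped, alerts; };

static unsigned ttl_delta(unsigned a, unsigned b) { return a > b ? a - b : b - a; }

/* Pre-fix policy from the advisory: compare each fragment's TTL with the
 * initial fragment's TTL; a delta above ttl_limit means a silent discard. */
struct outcome run_enforcing(const struct frag *f, int n, unsigned ttl_limit)
{
    struct outcome o = {0, 0, 0};
    for (int i = 0; i < n; i++) {
        if (ttl_delta(f[0].ttl, f[i].ttl) > ttl_limit)
            o.silently_dropped++;   /* never inspected, and no event is raised */
        else
            o.inspected++;
    }
    return o;
}

/* Post-fix policy from the changelog: ttl_limit is not enforced, and a TTL
 * below min_ttl produces a preprocessor alert. What frag3 then does with such
 * a fragment is not stated on the page, so it is only counted as an alert. */
struct outcome run_alerting(const struct frag *f, int n, unsigned min_ttl)
{
    struct outcome o = {0, 0, 0};
    for (int i = 0; i < n; i++) {
        if (f[i].ttl < min_ttl)
            o.alerts++;             /* the anomaly is visible to the analyst */
        else
            o.inspected++;
    }
    return o;
}

/* Constructed sample: three fragments of one datagram; the middle one has a
 * TTL that differs from the first fragment's by 24. */
static const struct frag SAMPLE[] = { {7, 0, 64}, {7, 185, 40}, {7, 370, 64} };

int main(void)
{
    struct outcome a = run_enforcing(SAMPLE, 3, 5);  /* assumed ttl_limit */
    struct outcome b = run_alerting(SAMPLE, 3, 1);   /* assumed min_ttl */
    printf("enforcing: inspected=%d dropped=%d alerts=%d\n", a.inspected, a.silently_dropped, a.alerts);
    printf("alerting:  inspected=%d dropped=%d alerts=%d\n", b.inspected, b.silently_dropped, b.alerts);
    return 0;
}
```

Under the enforcing policy the sensor sees only part of the datagram and logs nothing about the gap; under the alerting policy a TTL delta alone no longer removes a fragment from view.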