Snort unified 1 IDS Logging - Alert Evasion Logfile CorruptionAlert Falsify

2009-09-21T00:00:00
ID EXPLOITPACK:B81A0228C5A04B5597A39520727AEBF4
Type exploitpack
Reporter Pablo Rincón Crespo
Modified 2009-09-21T00:00:00

Description

Snort unified 1 IDS Logging - Alert Evasion Logfile CorruptionAlert Falsify

                                        
                                            Advisory:
=========
Snort unified 1 IDS Logging Alert Evasion, Logfile Corruption/Alert Falsify


Log:
====
30/06/2009 Bug detected.
20/07/2009 First mail with snort team.
20/07/2009 Snort team answer they will fix it in the next release (2.8.5).
16/09/2009 Snort release, bug fixed.


Affected Versions:
==================
snort-2.8.1
snort-2.8.2
snort-2.8.3
snort-2.8.4
snort-2.8.5.beta*

link: http://pablo-secdev.blogspot.com/2009/09/snort-28-285stable-unified1-output-bug.html
poc: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/2009-snort-unified1_bug.tar.gz
# milw0rm.com [2009-09-21]