Added: 08/28/2007
CVE: CVE-2005-3252
BID: 15131
OSVDB: 20034
Back Orifice is a remote system administration program for Windows. It is commonly installed by attackers or Trojan Horse programs for use as a backdoor.
Snort is an open-source intrusion detection system. It includes a Back Orifice pre-processor, which handles Back Orifice traffic before it is passed to the intrusion detection engine.
A buffer overflow vulnerability in the Back Orifice pre-processor in Snort could allow remote attackers to execute arbitrary commands by sending a specially crafted Back Orifice ping to a host on a network monitored by Snort.
Upgrade to Snort 2.4.3 or higher.
<http://www.kb.cert.org/vuls/id/175500>
Exploit works on Snort 2.4.2 on Windows and Red Hat 8.
Windows 2000
Windows XP SP0 / Windows XP SP1
Windows XP SP2 / Windows XP
Windows Server 2003 SP0
Windows Server 2003 SP1
Windows Server 2003 SP2 / Windows Server 2003
Linux