VAR-200602-0404
Vulnerability from variot - Updated: 2023-12-18 11:12The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths. Snort is reportedly prone to a vulnerability that may allow malicious packets to bypass detection. Reports indicate that the Frag3 preprocessor fails to properly analyze certain packets. A successful attack can allow attackers to bypass intrusion detection and to carry out attacks against computers protected by Snort. This vulnerability affects Snort 2.4.3. Other versions may be vulnerable as well.
TITLE: Snort frag3 Preprocessor Packet Reassembly Vulnerability
SECUNIA ADVISORY ID: SA18959
VERIFY ADVISORY: http://secunia.com/advisories/18959/
CRITICAL: Moderately critical
IMPACT: Security Bypass
WHERE:
From remote
SOFTWARE: Snort 2.4.x http://secunia.com/product/5691/
DESCRIPTION: siouxsie has reported a vulnerability in Snort, which potentially can be exploited by malicious people to bypass certain security restrictions.
The vulnerability has been reported in version 2.4.3.
SOLUTION: Filter potentially malicious fragmented IP packets with a firewall.
PROVIDED AND/OR DISCOVERED BY: siouxsie
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200602-0404",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snort",
"scope": "eq",
"trust": 1.6,
"vendor": "sourcefire",
"version": "2.4.3"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "project snort",
"scope": "eq",
"trust": 0.3,
"vendor": "snort",
"version": "2.4.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"db": "BID",
"id": "16705"
},
{
"db": "NVD",
"id": "CVE-2006-0839"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sourcefire:snort:2.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0839"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reported by",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
}
],
"trust": 0.6
},
"cve": "CVE-2006-0839",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2006-0996",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-0839",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2006-0996",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200602-339",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"db": "NVD",
"id": "CVE-2006-0839"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths. Snort is reportedly prone to a vulnerability that may allow malicious packets to bypass detection. \nReports indicate that the Frag3 preprocessor fails to properly analyze certain packets. \nA successful attack can allow attackers to bypass intrusion detection and to carry out attacks against computers protected by Snort. \nThis vulnerability affects Snort 2.4.3. Other versions may be vulnerable as well. \n\nTITLE:\nSnort frag3 Preprocessor Packet Reassembly Vulnerability\n\nSECUNIA ADVISORY ID:\nSA18959\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18959/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nSnort 2.4.x\nhttp://secunia.com/product/5691/\n\nDESCRIPTION:\nsiouxsie has reported a vulnerability in Snort, which potentially can\nbe exploited by malicious people to bypass certain security\nrestrictions. \n\nThe vulnerability has been reported in version 2.4.3. \n\nSOLUTION:\nFilter potentially malicious fragmented IP packets with a firewall. \n\nPROVIDED AND/OR DISCOVERED BY:\nsiouxsie\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0839"
},
{
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"db": "BID",
"id": "16705"
},
{
"db": "PACKETSTORM",
"id": "44230"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "16705",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2006-0839",
"trust": 2.2
},
{
"db": "SECUNIA",
"id": "18959",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2006-0996",
"trust": 0.6
},
{
"db": "XF",
"id": "3",
"trust": 0.6
},
{
"db": "XF",
"id": "24811",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060217 SNORT INCORRECT FRAGMENTED PACKET REASSEMBLY",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200602-339",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "44230",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"db": "BID",
"id": "16705"
},
{
"db": "PACKETSTORM",
"id": "44230"
},
{
"db": "NVD",
"id": "CVE-2006-0839"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
}
]
},
"id": "VAR-200602-0404",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
}
]
},
"last_update_date": "2023-12-18T11:12:52.992000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0839"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/16705"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/18959"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/425290/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24811"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/425290/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/24811"
},
{
"trust": 0.3,
"url": "http://www.snort.org/"
},
{
"trust": 0.3,
"url": "/archive/1/425290"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5691/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18959/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"db": "BID",
"id": "16705"
},
{
"db": "PACKETSTORM",
"id": "44230"
},
{
"db": "NVD",
"id": "CVE-2006-0839"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"db": "BID",
"id": "16705"
},
{
"db": "PACKETSTORM",
"id": "44230"
},
{
"db": "NVD",
"id": "CVE-2006-0839"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-02-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"date": "2006-02-17T00:00:00",
"db": "BID",
"id": "16705"
},
{
"date": "2006-03-01T03:50:51",
"db": "PACKETSTORM",
"id": "44230"
},
{
"date": "2006-02-22T02:02:00",
"db": "NVD",
"id": "CVE-2006-0839"
},
{
"date": "2006-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200602-339"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-02-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"date": "2006-02-17T18:43:00",
"db": "BID",
"id": "16705"
},
{
"date": "2018-10-18T16:29:23.023000",
"db": "NVD",
"id": "CVE-2006-0839"
},
{
"date": "2006-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200602-339"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Snort Frag3 Processor Packet Fragment Avoidance Detection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "16705"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…