*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: snort

CVE-2008-1804 description:

"Remote exploitation of a design error vulnerability in Snort [...] could allow an attacker to bypass filter rules. Due to a design error vulnerability, Snort does not properly reassemble fragmented IP packets. When receiving incoming fragments, Snort checks the Time To Live (TTL) value of the fragment, and compares it to the TTL of the initial fragment. If the difference between the initial fragment and the following fragments is more than a configured amount, the fragments will be silently discarded. This results in valid traffic not being examined and/or filtered by Snort."
[...]
"iDefense has confirmed the existence of this vulnerability in Snort 2.8 and 2.6. Snort 2.4 is not vulnerable."
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=701

"preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment."
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1804

** Affects: snort (Ubuntu)
   Importance: Undecided
   Status: New

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1804

--
[CVE-2008-1804] Snort IP fragment TTL evasion vulnerability
https://bugs.launchpad.net/bugs/235901
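
The TTL comparison described in the advisory text above, as an added example that is not part of the original bug report and is not Snort's code. It models the described check beside a sensor policy that keeps every fragment and only reports the TTL spread; the struct, function names, `max_delta` parameter and sample fragments are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: a fragment reduced to the fields the advisory mentions. */
struct frag { uint16_t offset; uint8_t ttl; };

/* The check as the advisory describes it: each later fragment's TTL is
 * compared with the initial fragment's TTL, and the fragment is silently
 * discarded when the difference exceeds the configured amount (max_delta).
 * Returns how many fragments the sensor would never examine. */
size_t unexamined_fragments(const struct frag *f, size_t n, int max_delta)
{
    size_t dropped = 0;
    for (size_t i = 1; i < n; i++)
        if (abs((int)f[i].ttl - (int)f[0].ttl) > max_delta)
            dropped++;
    return dropped;
}

/* Defensive alternative (an assumption, not the vendor's patch): drop
 * nothing, so reassembly sees what the end host sees, and report the TTL
 * spread so it can be alerted on. Returns 1 when spread > max_delta. */
int ttl_spread_alert(const struct frag *f, size_t n, int max_delta, int *spread)
{
    uint8_t lo = 255, hi = 0;
    for (size_t i = 0; i < n; i++) {
        if (f[i].ttl < lo) lo = f[i].ttl;
        if (f[i].ttl > hi) hi = f[i].ttl;
    }
    *spread = n ? hi - lo : 0;
    return *spread > max_delta;
}

/* Constructed samples: three fragments of one datagram each. */
static const struct frag mixed[]  = { {0, 64}, {1480, 40}, {2960, 63} };
static const struct frag steady[] = { {0, 64}, {1480, 64}, {2960, 62} };

int main(void)
{
    int spread;
    int alert = ttl_spread_alert(mixed, 3, 5, &spread);
    printf("mixed:  %zu unexamined, spread %d, alert %d\n",
           unexamined_fragments(mixed, 3, 5), spread, alert);
    alert = ttl_spread_alert(steady, 3, 5, &spread);
    printf("steady: %zu unexamined, spread %d, alert %d\n",
           unexamined_fragments(steady, 3, 5), spread, alert);
    return 0;
}
```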