Lucene search

K

Gentoo FoundationGLSA-200703-01

HistoryFeb 23, 2007 - 12:00 a.m.

Snort: Remote execution of arbitrary code

2007-02-2300:00:00

Gentoo Foundation

security.gentoo.org

24

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.71

Percentile

98.1%

Background

Snort is a widely deployed intrusion detection program.

Description

The Snort DCE/RPC preprocessor does not properly reassemble certain types of fragmented SMB and DCE/RPC packets.

Impact

A remote attacker could send specially crafted fragmented SMB or DCE/RPC packets, without the need to finish the TCP handshake, that would trigger a stack-based buffer overflow while being reassembled. This could lead to the execution of arbitrary code with the permissions of the user running the Snort preprocessor.

Workaround

Disable the DCE/RPC processor by commenting the ‘preprocessor dcerpc’ section in /etc/snort/snort.conf .

Resolution

All Snort users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=net-analyzer/snort-2.6.1.3"

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-analyzer/snort< 2.6.1.3UNKNOWN

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.71

Percentile

98.1%

Related for GLSA-200703-01

nessus3 cve1 exploitdb4 securityvulns2 cert1 fedora1 openvas6 canvas1 cvelist1 exploitpack1 saint4 checkpoint_advisories1 packetstorm2 debiancve1 nvd1 zdt3 freebsd1 ubuntucve1 metasploit1 seebug1