header-logo
Suggest Exploit
vendor:
Snort
by:
SecurityFocus
7.5
CVSS
HIGH
Snort ICMP Packet Crash
119
CWE
Product Name: Snort
Affected Version From: 1.7
Affected Version To: 1.8.2003
Patch Exists: YES
Related CWE: CVE-2001-0333
CPE: a:snort:snort
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Unix, Windows
2001

Snort ICMP Packet Crash

Snort is a network intrusion detection system (IDS) that is vulnerable to a maliciously constructed ICMP packet. If the packet is received, the daemon will crash and require a restart to regain normal functionality. The exploit can be triggered by sending a ping packet with a size of 1 byte.

Mitigation:

Upgrade to the latest version of Snort.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3849/info

Snort is a network intrusion detection system (IDS). It is originally written for Linux and Unix systems, although it has also been ported to run under Microsoft Windows. Snort is capable of flexible and powerful content analysis of network traffic, and can detect a large number of attack attempts.

An error exists in some versions of Snort. If a maliciously constructed ICMP packet is received, the daemon will crash. This is caused because Snort erroneously defines the minimum ICMP header size as 8 bytes. A restart will be required to regain normally functionality. 

ping -c1 -s1 host

Navigation

Suggest Exploit

Services By CQR