Snort TCP/IP Options Denial of Service Vulnerability

Posted by on Dec 26, 2004 | One Comment

Secunia Advisory: SA13664

Critical: Moderately critical

Impact: DoS

Where: From remote

Solution Status: Vendor Patch

Software: Snort 2.2.x

Description: Marcin Zgorecki has reported a vulnerability in Snort, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by an error in the printing of TCP/IP options. This can be exploited to cause an unspecified DoS by sending a specially crafted packet.

Successful exploitation requires that Snort is configured with “FAST” output or verbose mode.

The vulnerability has been reported in version 2.2.10. Other versions may also be affected.

Solution: Update to 2.3.0-RC1 or later.

http://www.snort.org/dl/
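To check whether a sensor meets the conditions named in the advisory, the following added example (not part of the advisory or of Snort) inspects a Snort version string, a snort.conf text and a command line. It assumes "FAST" output corresponds to the `output alert_fast` directive or the `-A fast` switch and verbose mode to `-v`; the sample inputs are constructed and the flag matching is a heuristic.

```python
import re
import shlex

# Constructed sample inputs, not taken from a real deployment.
SAMPLE_CONF = """\
var HOME_NET 10.0.0.0/8
# output alert_fast: old.fast
output alert_fast: alert.fast
output log_tcpdump: tcpdump.log
"""
SAMPLE_CMDLINE = "snort -c /etc/snort/snort.conf -i eth0 -D"
FIXED_IN = (2, 3, 0)  # advisory: update to 2.3.0-RC1 or later

def conf_uses_fast_output(conf_text):
    """True if an uncommented 'output alert_fast' directive is present."""
    for line in conf_text.splitlines():
        active = line.split("#", 1)[0].strip()  # drop comments
        if re.match(r"output\s+alert_fast\b", active):
            return True
    return False

def cmdline_reasons(cmdline):
    """Return the switches that select fast alerts or verbose mode."""
    argv = shlex.split(cmdline)[1:]
    reasons = []
    for i, arg in enumerate(argv):
        nxt = argv[i + 1] if i + 1 < len(argv) else ""
        if (arg == "-A" and nxt.lower() == "fast") or (
                arg[:2] == "-A" and arg[2:].lower() == "fast"):
            reasons.append("-A fast")
        elif re.fullmatch(r"-[A-Za-z]*v[A-Za-z]*", arg):  # -v, or bundled as in -vde
            reasons.append("-v")
    return reasons

def pre_fix(version):
    """True if the numeric part of the version is older than 2.3.0."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3]) < FIXED_IN

def assess(version, conf_text, cmdline):
    """Combine the version check with the output-mode preconditions."""
    reasons = cmdline_reasons(cmdline)
    if conf_uses_fast_output(conf_text):
        reasons.append("output alert_fast")
    return {"exposed": pre_fix(version) and bool(reasons), "reasons": reasons}

if __name__ == "__main__":
    print(assess("2.2.10", SAMPLE_CONF, SAMPLE_CMDLINE))
```

A sensor that reports no reasons still needs the update, since the advisory notes that other versions may also be affected.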

  • Beau Raines

    My wife uses AIM and I tried it out with her the other day. I now have a new email address for her in my contact list @aol.com. Unfortunately, later in the week, when I was sending an email from my phone, that email address autocompleted first (and I didn’t realize it) and I sent to that address. On the good/bad side, it was kicked back as undeliverable.

    The IM part works just fine though, but it comes with some contact list overhead.