ID CVE-2005-3252
Summary Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.
References
Vulnerable Configurations
  • cpe:2.3:a:sourcefire:snort:2.4.0
    cpe:2.3:a:sourcefire:snort:2.4.0
  • cpe:2.3:a:sourcefire:snort:2.4.1
    cpe:2.3:a:sourcefire:snort:2.4.1
  • cpe:2.3:a:sourcefire:snort:2.4.2
    cpe:2.3:a:sourcefire:snort:2.4.2
CVSS
Base: 7.5 (as of 19-10-2005 - 08:45)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description Snort <= 2.4.2 Back Orifice Parsing Remote Buffer Overflow Exploit. CVE-2005-3252. Remote exploit for linux platform
    id EDB-ID:1272
    last seen 2016-01-31
    modified 2005-10-25
    published 2005-10-25
    reporter rd
    source https://www.exploit-db.com/download/1272/
    title Snort <= 2.4.2 Back Orifice Parsing Remote Buffer Overflow Exploit
  • description Snort <= 2.4.2 Back Orifice Pre-Preprocessor Remote Exploit (3). CVE-2005-3252. Remote exploit for windows platform
    id EDB-ID:1313
    last seen 2016-01-31
    modified 2005-11-11
    published 2005-11-11
    reporter xort
    source https://www.exploit-db.com/download/1313/
    title Snort <= 2.4.2 Back Orifice Pre-Preprocessor Remote Exploit 3
  • description Snort 2.4.0 - 2.4.3 Back Orifice Pre-Preprocessor Remote Exploit. CVE-2005-3252. Remote exploit for linux platform
    id EDB-ID:10026
    last seen 2016-02-01
    modified 2005-10-18
    published 2005-10-18
    reporter KaiJern Lau
    source https://www.exploit-db.com/download/10026/
    title Snort 2.4.0 - 2.4.3 - Back Orifice Pre-Preprocessor Remote Exploit
  • description Snort Back Orifice Pre-Preprocessor Remote Exploit. CVE-2005-3252. Remote exploit for linux platform
    id EDB-ID:16834
    last seen 2016-02-02
    modified 2010-07-03
    published 2010-07-03
    reporter metasploit
    source https://www.exploit-db.com/download/16834/
    title Snort Back Orifice Pre-Preprocessor Remote Exploit
metasploit via4
description This module exploits a stack buffer overflow in the Back Orifice pre-processor module included with Snort versions 2.4.0, 2.4.1, 2.4.2, and 2.4.3. This vulnerability could be used to completely compromise a Snort sensor, and would typically gain an attacker full root or administrative privileges.
id MSF:EXPLOIT/LINUX/IDS/SNORTBOPRE
last seen 2019-02-12
modified 2017-07-24
published 2005-12-18
reliability Good
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ids/snortbopre.rb
title Snort Back Orifice Pre-Preprocessor Buffer Overflow
packetstorm via4
data source https://packetstormsecurity.com/files/download/82239/snortbopre.rb.txt
id PACKETSTORM:82239
last seen 2016-12-05
published 2009-10-27
reporter Lau KaiJern
source https://packetstormsecurity.com/files/82239/Snort-Back-Orifice-Stack-Overflow.html
title Snort Back Orifice Stack Overflow
refmap via4
bid 15131
cert TA05-291A
cert-vn VU#175500
confirm
fulldisc
  • 20051025 Snort's BO pre-processor exploit
  • 20051101 Snort Back Orifice Preprocessor Exploit (Win32 targets)
iss 20051018 Snort Back Orifice Parsing Remote Code Execution
osvdb 20034
sectrack 1015070
secunia
  • 17220
  • 17255
  • 17559
suse SUSE-SR:2005:026
vupen ADV-2005-2138
saint via4
bid 15131
description Snort Back Orifice Pre-Processor buffer overflow
id misc_snort
osvdb 20034
title snort_back_orifice
type remote
Last major update 07-03-2011 - 21:26
Published 18-10-2005 - 17:02
Back to Top