CVE-2008-1804 - preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragmen

CVE-2008-1804

Summary

preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment.

References

Vulnerable Configurations

cpe:2.3:a:snort:snort:-:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:-:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.6:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.6:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:2.0:beta:*:*:*:*:*:*
cpe:2.3:a:snort:snort:2.0:beta:*:*:*:*:*:*
cpe:2.3:a:snort:snort:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:snort:snort:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:snort:snort:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:2.6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:2.6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:2.6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:2.6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:2.7_beta1:*:*:*:*:*:*:*
cpe:2.3:a:snort:snort:2.7_beta1:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 08-08-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	29327
confirm	http://cvs.snort.org/viewcvs.cgi/snort/ChangeLog?rev=1.534.2.11 http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h http://www.ipcop.org/index.php?name=News&file=article&sid=40
fedora	FEDORA-2008-4986 FEDORA-2008-5001 FEDORA-2008-5045
idefense	20080521 Multiple Vendor Snort IP Fragment TTL Evasion Vulnerability
sectrack	1020081
secunia	30348 30563 31204
vupen	ADV-2008-1602
xf	snort-ttl-security-bypass(42584)

Last major update

08-08-2017 - 01:30

Published

22-05-2008 - 13:09

Last modified

08-08-2017 - 01:30