Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    22 vulnerabilities by sourcefire

    VAR-200702-0378

    Vulnerability from variot - Updated: 2024-07-23 22:43

    Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets. An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash. The software provides functions such as packet sniffing, packet analysis, and packet inspection. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                     National Cyber Alert System
    
               Technical Cyber Security Alert TA07-050A
    

    Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow

    Original release date: February 19, 2007 Last revised: -- Source: US-CERT

    Systems Affected

     * Snort 2.6.1, 2.6.1.1, and 2.6.1.2
     * Snort 2.7.0 beta 1
     * Sourcefire Intrusion Sensors version 4.1.x, 4.5.x, and 4.6x with
       SEUs prior to SEU 64
     * Sourcefire Intrusion Sensors for Crossbeam version 4.1.x, 4.5.x,
       and 4.6x with SEUs prior to SEU 64
    

    Other products that use Snort or Snort components may be affected.

    I. The DCE/RPC preprocessor reassembles fragmented SMB and DCE/RPC traffic before passing data to the Snort rules.

    The vulnerable code does not properly reassemble certain types of SMB and DCE/RPC packets. An attacker could exploit this vulnerability by sending a specially crafted TCP packet to a host or network monitored by Snort. The DCE/RPC preprocessor is enabled by default, and it is not necessary for an attacker to complete a TCP handshake.

    US-CERT is tracking this vulnerability as VU#196240. This vulnerability has been assigned CVE number CVE-2006-5276. Further information is available in advisories from Sourcefire and ISS.

    II.

    III. Solution

    Upgrade

    Snort 2.6.1.3 is available from the Snort download site. Sourcefire customers should visit the Sourcefire Support Login site.

    Disable the DCE/RPC Preprocessor

    To disable the DCE/RPC preprocessor, comment out the line that loads the preprocessor in the Snort configuration file (typically /etc/snort.conf on UNIX and Linux systems):

     [/etc/snort.conf]
     ... 
     #preprocessor dcerpc...
    

    Restart Snort for the change to take effect.

    Disabling the preprocessor will prevent Snort from reassembling fragmented SMB and DCE/RPC packets. This may allow attacks to evade the IDS.

    IV. References

     * US-CERT Vulnerability Note VU#196240 -
       <http://www.kb.cert.org/vuls/id/196240>
    
     * Sourcefire Advisory 2007-02-19 -
       <http://www.snort.org/docs/advisory-2007-02-19.html>
    
     * Sourcefire Support Login - <https://support.sourcefire.com/>
    
     * Sourcefire Snort Release Notes for 2.6.1.3 -
       <http://www.snort.org/docs/release_notes/release_notes_2613.txt>
    
     * Snort downloads - <http://www.snort.org/dl/>
    
     * DCE/RPC Preprocessor -
       <http://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html>
    
     * IBM Internet Security Systems Protection Advisory -
       <http://iss.net/threats/257.html>
    
     * CVE-2006-5276 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276>
    

    The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA07-050A.html>
    

    Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-050A Feedback VU#196240" in the subject.


    For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.


    Produced 2007 by US-CERT, a government organization.

    Terms of use:

     <http://www.us-cert.gov/legal.html>
    

    Revision History

    February 19, 2007: Initial Release

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

    iQEVAwUBRdop4+xOF3G+ig+rAQKdtAgAhQY66LRfVlNkH30Q5RI0gIo5Vhu14yDP qulLEyzjDhC7gDHWBGQYdE9eCy9Yf3P4BfKJS0766he/7CFn+BaDs7ohnXaynHQq +kMYNBMBg2RbrGKfOGRLHc0P6X1tSP3w45IppjOv9Yo5SUVDCa7beZWURCIKZyp6 OuYXtnpiGNctHgeU56US0sfuKj8qP7KOd9pCDRDQRhJ3UUd9wDpXee66HBxchh+w RSIQiMxisOX9mMYBW3z4DM/lb7PxXoa2Q7DwjM1NIOe/0tAObCOvF4uYhOLCVyNg +EbcN9123V0PW95FITlHXvJU6K8srnnK+Fhpfyi4vg5bYeEF2WiUrg== =T7v8 -----END PGP SIGNATURE----- . February 19, 2007

    Summary:

    Sourcefire has learned of a remotely exploitable vulnerability in the Snort DCE/RPC preprocessor. Sourcefire has prepared updates for Snort open-source software to address this issue.

    Mitigating Factors:

    Users who have disabled the DCE/RPC preprocessor are not vulnerable.

    Recommended Actions:

    • Open-source Snort 2.6.1.x users are advised to upgrade to Snort 2.6.1.3 (or later) immediately.
    • Open-source Snort 2.7 beta users are advised to mitigate this issue by disabling the DCE/RPC preprocessor. This issue will be resolved in Snort 2.7 beta 2.

    Workarounds:

    Snort users who cannot upgrade immediately are advised to disable the DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives from snort.conf and restarting Snort. However, be advised that disabling the DCE/RPC preprocessor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should reenable the DCE/RPC preprocessor.

    Detecting Attacks Against This Vulnerability:

    Sourcefire will be releasing a rule pack that provides detection for attacks against this vulnerability.

    Has Sourcefire received any reports that this vulnerability has been exploited? - No. Sourcefire has not received any reports that this vulnerability has been exploited.

    Acknowledgments:

    Sourcefire would like to thank Neel Mehta from IBM X-Force for reporting this issue and working with us to resolve it.


    Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV


    Snort-announce mailing list Snort-announce@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/snort-announce .

    Resolution

    All Snort users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/snort-2.6.1.3"
    

    References

    [ 1 ] CVE-2006-5276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5276

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200703-01.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200702-0378",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "snort",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "snort",
            "version": "2.6.1.1"
          },
          {
            "model": "snort",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "snort",
            "version": "2.6.1"
          },
          {
            "model": "snort",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "snort",
            "version": "2.7_beta1"
          },
          {
            "model": "snort",
            "scope": "eq",
            "trust": 1.4,
            "vendor": "snort",
            "version": "2.6.1.2"
          },
          {
            "model": "intrusion sensor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sourcefire",
            "version": "4.5"
          },
          {
            "model": "intrusion sensor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sourcefire",
            "version": "4.1"
          },
          {
            "model": "intrusion sensor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sourcefire",
            "version": "4.6"
          },
          {
            "model": "snort",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "snort",
            "version": "2.6.1.2"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nortel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "snort",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sourcefire",
            "version": null
          },
          {
            "model": "intrusion sensor",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sourcefire",
            "version": "4.5.x"
          },
          {
            "model": "snort",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "snort",
            "version": "2.7.0 beta 1"
          },
          {
            "model": "intrusion sensor",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sourcefire",
            "version": "for crossbeam version 4.1.x"
          },
          {
            "model": "intrusion sensor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "sourcefire",
            "version": "4.6x of  seu 64 earlier versions"
          },
          {
            "model": "intrusion sensor",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sourcefire",
            "version": "version 4.1.x"
          },
          {
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.6.1.2"
          },
          {
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.6.1.1"
          },
          {
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.6.1"
          },
          {
            "model": "project snort beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.7.01"
          },
          {
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "fedora core7",
            "scope": null,
            "trust": 0.3,
            "vendor": "redhat",
            "version": null
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "networks threat protection system intrusion sensor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.1"
          },
          {
            "model": "networks threat protection system intrusion sensor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.6"
          },
          {
            "model": "networks threat protection system intrusion sensor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.5"
          },
          {
            "model": "networks threat protection system defense center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.1"
          },
          {
            "model": "networks threat protection system defense center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.6"
          },
          {
            "model": "networks threat protection system defense center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.5"
          },
          {
            "model": "net-analyzer/snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "gentoo",
            "version": "2.6.1"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "model": "project snort",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.6.1.3"
          },
          {
            "model": "net-analyzer/snort",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "gentoo",
            "version": "2.6.1.3"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#196240"
          },
          {
            "db": "BID",
            "id": "22616"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:snort:snort:2.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:snort:snort:2.6.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sourcefire:intrusion_sensor:4.6:*:crossbeam:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.6.1.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sourcefire:intrusion_sensor:4.5:*:crossbeam:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sourcefire:intrusion_sensor:4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:snort:snort:2.7_beta1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sourcefire:intrusion_sensor:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sourcefire:intrusion_sensor:4.1:*:crossbeam:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sourcefire:intrusion_sensor:4.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Neel Mehta",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-5276",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": true,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2006-5276",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-21384",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-5276",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#196240",
                "trust": 0.8,
                "value": "23.63"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200702-347",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-21384",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2006-5276",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#196240"
          },
          {
            "db": "VULHUB",
            "id": "VHN-21384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2006-5276"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer-overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted \u0027DCE\u0027 and \u0027RPC\u0027 network packets. \nAn attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash. The software provides functions such as packet sniffing, packet analysis, and packet inspection. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                     National Cyber Alert System\n\n               Technical Cyber Security Alert TA07-050A\n\n\nSourcefire Snort DCE/RPC Preprocessor Buffer Overflow\n\n   Original release date: February 19, 2007\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Snort 2.6.1, 2.6.1.1, and 2.6.1.2\n     * Snort 2.7.0 beta 1\n     * Sourcefire Intrusion Sensors version 4.1.x, 4.5.x, and 4.6x with\n       SEUs prior to SEU 64\n     * Sourcefire Intrusion Sensors for Crossbeam version 4.1.x, 4.5.x,\n       and 4.6x with SEUs prior to SEU 64\n\n   Other products that use Snort or Snort components may be affected. \n\n\nI. The DCE/RPC\n   preprocessor reassembles fragmented SMB and DCE/RPC traffic before\n   passing data to the Snort rules. \n\n   The vulnerable code does not properly reassemble certain types of\n   SMB and DCE/RPC packets. An attacker could exploit this\n   vulnerability by sending a specially crafted TCP packet to a host\n   or network monitored by Snort. The DCE/RPC preprocessor is enabled\n   by default, and it is not necessary for an attacker to complete a\n   TCP handshake. \n\n   US-CERT is tracking this vulnerability as VU#196240. This\n   vulnerability has been assigned CVE number CVE-2006-5276. Further\n   information is available in advisories from Sourcefire and ISS. \n\n\nII. \n\n\nIII. Solution\n\nUpgrade\n\n   Snort 2.6.1.3 is available from the Snort download site. Sourcefire\n   customers should visit the Sourcefire Support Login site. \n\nDisable the DCE/RPC Preprocessor\n\n   To disable the DCE/RPC preprocessor, comment out the line that loads\n   the preprocessor in the Snort configuration file (typically\n   /etc/snort.conf on UNIX and Linux systems):\n\n     [/etc/snort.conf]\n     ... \n     #preprocessor dcerpc... \n   \n   Restart Snort for the change to take effect. \n\n   Disabling the preprocessor will prevent Snort from reassembling\n   fragmented SMB and DCE/RPC packets. This may allow attacks to evade\n   the IDS. \n\n\nIV. References\n\n     * US-CERT Vulnerability Note VU#196240 -\n       \u003chttp://www.kb.cert.org/vuls/id/196240\u003e\n\n     * Sourcefire Advisory 2007-02-19 -\n       \u003chttp://www.snort.org/docs/advisory-2007-02-19.html\u003e\n\n     * Sourcefire Support Login - \u003chttps://support.sourcefire.com/\u003e\n\n     * Sourcefire Snort Release Notes for 2.6.1.3 -\n       \u003chttp://www.snort.org/docs/release_notes/release_notes_2613.txt\u003e\n\n     * Snort downloads - \u003chttp://www.snort.org/dl/\u003e\n\n     * DCE/RPC Preprocessor -\n       \u003chttp://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html\u003e\n\n     * IBM Internet Security Systems Protection Advisory -\n       \u003chttp://iss.net/threats/257.html\u003e\n\n     * CVE-2006-5276 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276\u003e\n\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA07-050A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA07-050A Feedback VU#196240\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2007 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n   February 19, 2007:  Initial Release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRdop4+xOF3G+ig+rAQKdtAgAhQY66LRfVlNkH30Q5RI0gIo5Vhu14yDP\nqulLEyzjDhC7gDHWBGQYdE9eCy9Yf3P4BfKJS0766he/7CFn+BaDs7ohnXaynHQq\n+kMYNBMBg2RbrGKfOGRLHc0P6X1tSP3w45IppjOv9Yo5SUVDCa7beZWURCIKZyp6\nOuYXtnpiGNctHgeU56US0sfuKj8qP7KOd9pCDRDQRhJ3UUd9wDpXee66HBxchh+w\nRSIQiMxisOX9mMYBW3z4DM/lb7PxXoa2Q7DwjM1NIOe/0tAObCOvF4uYhOLCVyNg\n+EbcN9123V0PW95FITlHXvJU6K8srnnK+Fhpfyi4vg5bYeEF2WiUrg==\n=T7v8\n-----END PGP SIGNATURE-----\n. February 19, 2007\n\nSummary:\n\nSourcefire has learned of a remotely exploitable vulnerability in the \nSnort DCE/RPC preprocessor. Sourcefire \nhas prepared updates for Snort open-source software to address this issue. \n\n\nMitigating Factors:\n\nUsers who have disabled the DCE/RPC preprocessor are not vulnerable. \n\n\nRecommended Actions:\n\n* Open-source Snort 2.6.1.x users are advised to upgrade to Snort \n2.6.1.3 (or later) immediately. \n* Open-source Snort 2.7 beta users are advised to mitigate this issue by \ndisabling the DCE/RPC preprocessor. \n   This issue will be resolved in Snort 2.7 beta 2. \n\n\nWorkarounds:\n\nSnort users who cannot upgrade immediately are advised to disable the \nDCE/RPC preprocessor by removing the DCE/RPC preprocessor directives \nfrom snort.conf and restarting Snort. However, be advised that disabling \nthe DCE/RPC preprocessor reduces detection capabilities for attacks in \nDCE/RPC traffic. After upgrading, customers should reenable the DCE/RPC \npreprocessor. \n\n\nDetecting Attacks Against This Vulnerability:\n\nSourcefire will be releasing a rule pack that provides detection for \nattacks against this vulnerability. \n\nHas Sourcefire received any reports that this vulnerability has been \nexploited?\n- No. Sourcefire has not received any reports that this vulnerability \nhas been exploited. \n\n\nAcknowledgments:\n\nSourcefire would like to thank Neel Mehta from IBM X-Force for reporting \nthis issue and working with us to resolve it. \n\n\n-------------------------------------------------------------------------\nTake Surveys. Earn Cash. Influence the Future of IT\nJoin SourceForge.net\u0027s Techsay panel and you\u0027ll get the chance to share your\nopinions on IT \u0026 business topics through brief surveys-and earn cash\nhttp://www.techsay.com/default.php?page=join.php\u0026p=sourceforge\u0026CID=DEVDEV\n_______________________________________________\nSnort-announce mailing list\nSnort-announce@lists.sourceforge.net\nhttps://lists.sourceforge.net/lists/listinfo/snort-announce\n. \n\nResolution\n==========\n\nAll Snort users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=net-analyzer/snort-2.6.1.3\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-5276\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5276\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200703-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-5276"
          },
          {
            "db": "CERT/CC",
            "id": "VU#196240"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          },
          {
            "db": "BID",
            "id": "22616"
          },
          {
            "db": "VULHUB",
            "id": "VHN-21384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2006-5276"
          },
          {
            "db": "PACKETSTORM",
            "id": "54569"
          },
          {
            "db": "PACKETSTORM",
            "id": "54522"
          },
          {
            "db": "PACKETSTORM",
            "id": "54834"
          }
        ],
        "trust": 3.06
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=3609",
            "trust": 0.4,
            "type": "exploit"
          },
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-21384",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-21384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#196240",
            "trust": 3.8
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5276",
            "trust": 3.2
          },
          {
            "db": "BID",
            "id": "22616",
            "trust": 2.9
          },
          {
            "db": "USCERT",
            "id": "TA07-050A",
            "trust": 2.7
          },
          {
            "db": "SECUNIA",
            "id": "24272",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "24190",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "24235",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "24239",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "26746",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "24240",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1017669",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1017670",
            "trust": 1.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "3362",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0668",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0656",
            "trust": 1.8
          },
          {
            "db": "OSVDB",
            "id": "32094",
            "trust": 1.8
          },
          {
            "db": "XF",
            "id": "31275",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347",
            "trust": 0.7
          },
          {
            "db": "CERT/CC",
            "id": "TA07-050A",
            "trust": 0.6
          },
          {
            "db": "GENTOO",
            "id": "GLSA-200703-01",
            "trust": 0.6
          },
          {
            "db": "MILW0RM",
            "id": "3362",
            "trust": 0.6
          },
          {
            "db": "ISS",
            "id": "20070219 SOURCEFIRE SNORT REMOTE BUFFER OVERFLOW",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20070303 ERRATA: [ GLSA 200703-01 ] SNORT: REMOTE EXECUTION OF ARBITRARY CODE",
            "trust": 0.6
          },
          {
            "db": "FEDORA",
            "id": "FEDORA-2007-2060",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "3609",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "54522",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "54569",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "54834",
            "trust": 0.2
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-72771",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "18723",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "3391",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "111677",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "54632",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-21384",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2006-5276",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#196240"
          },
          {
            "db": "VULHUB",
            "id": "VHN-21384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2006-5276"
          },
          {
            "db": "BID",
            "id": "22616"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          },
          {
            "db": "PACKETSTORM",
            "id": "54569"
          },
          {
            "db": "PACKETSTORM",
            "id": "54522"
          },
          {
            "db": "PACKETSTORM",
            "id": "54834"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "id": "VAR-200702-0378",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-21384"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-07-23T22:43:25.614000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Latest changelog : 2.6.1.3",
            "trust": 0.8,
            "url": "http://www.snort.org/dl/"
          },
          {
            "title": "2007-02-19 Sourcefire Advisory: Vulnerability in Snort DCE/RPC Preprocessor",
            "trust": 0.8,
            "url": "http://www.snort.org/docs/advisory-2007-02-19.html"
          },
          {
            "title": "Sourcefire Support Login",
            "trust": 0.8,
            "url": "https://support.sourcefire.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.sourcefire.com/"
          },
          {
            "title": "Detection for Vulnerability in Snort DCE/RPC Pre-processor",
            "trust": 0.8,
            "url": "http://www.sourcefire.com/services/advisories/sa022007.html"
          },
          {
            "title": "vrt-rules-2007-02-20",
            "trust": 0.8,
            "url": "http://www.snort.org/vrt/advisories/vrt-rules-2007-02-20.html"
          },
          {
            "title": "LinuxFlaw",
            "trust": 0.1,
            "url": "https://github.com/mudongliang/linuxflaw "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2006-5276"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "http://www.kb.cert.org/vuls/id/196240"
          },
          {
            "trust": 2.9,
            "url": "http://www.snort.org/docs/advisory-2007-02-19.html"
          },
          {
            "trust": 2.6,
            "url": "http://iss.net/threats/257.html"
          },
          {
            "trust": 2.6,
            "url": "http://www.securityfocus.com/bid/22616"
          },
          {
            "trust": 2.6,
            "url": "http://www.us-cert.gov/cas/techalerts/ta07-050a.html"
          },
          {
            "trust": 1.9,
            "url": "http://security.gentoo.org/glsa/glsa-200703-01.xml"
          },
          {
            "trust": 1.8,
            "url": "http://www116.nortelnetworks.com/pub/repository/clarify/document/2007/08/021923-01.pdf"
          },
          {
            "trust": 1.8,
            "url": "http://fedoranews.org/updates/fedora-2007-206.shtml"
          },
          {
            "trust": 1.8,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229265"
          },
          {
            "trust": 1.8,
            "url": "http://www.osvdb.org/32094"
          },
          {
            "trust": 1.8,
            "url": "http://www.securitytracker.com/id?1017669"
          },
          {
            "trust": 1.8,
            "url": "http://www.securitytracker.com/id?1017670"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/24190"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/24235"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/24239"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/24240"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/24272"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/26746"
          },
          {
            "trust": 1.7,
            "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=540173"
          },
          {
            "trust": 1.4,
            "url": "http://xforce.iss.net/xforce/xfdb/31275"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/archive/1/461810/100/0/threaded"
          },
          {
            "trust": 1.2,
            "url": "https://www.exploit-db.com/exploits/3362"
          },
          {
            "trust": 1.2,
            "url": "http://www.vupen.com/english/advisories/2007/0656"
          },
          {
            "trust": 1.2,
            "url": "http://www.vupen.com/english/advisories/2007/0668"
          },
          {
            "trust": 1.2,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31275"
          },
          {
            "trust": 0.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276"
          },
          {
            "trust": 0.8,
            "url": "https://support.sourcefire.com/"
          },
          {
            "trust": 0.8,
            "url": "http://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.snort.org/docs/release_notes/release_notes_2613.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.snort.org/dl/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/24235/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/24190/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/24272/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta07-050a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta07-050a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-5276"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/461810/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.milw0rm.com/exploits/3362"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2007/0668"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2007/0656"
          },
          {
            "trust": 0.3,
            "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4108\u0026menutype=menupublic"
          },
          {
            "trust": 0.3,
            "url": "http://www.snort.org/"
          },
          {
            "trust": 0.3,
            "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=540173\u0026renditionid=\u0026poid=null"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-5276"
          },
          {
            "trust": 0.1,
            "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026amp;documentoid=540173"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2006-5276"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.rapid7.com/db/modules/exploit/multi/ids/snort_dce_rpc"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/3609/"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/docs/snort_htmanuals/htmanual_261/node104.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/cas/techalerts/ta07-050a.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://iss.net/threats/257.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/cas/signup.html\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://support.sourcefire.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.kb.cert.org/vuls/id/196240\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/dl/\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5276\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/legal.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/docs/advisory-2007-02-19.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/docs/release_notes/release_notes_2613.txt\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.techsay.com/default.php?page=join.php\u0026p=sourceforge\u0026cid=devdev"
          },
          {
            "trust": 0.1,
            "url": "https://lists.sourceforge.net/lists/listinfo/snort-announce"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#196240"
          },
          {
            "db": "VULHUB",
            "id": "VHN-21384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2006-5276"
          },
          {
            "db": "BID",
            "id": "22616"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          },
          {
            "db": "PACKETSTORM",
            "id": "54569"
          },
          {
            "db": "PACKETSTORM",
            "id": "54522"
          },
          {
            "db": "PACKETSTORM",
            "id": "54834"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#196240"
          },
          {
            "db": "VULHUB",
            "id": "VHN-21384"
          },
          {
            "db": "VULMON",
            "id": "CVE-2006-5276"
          },
          {
            "db": "BID",
            "id": "22616"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          },
          {
            "db": "PACKETSTORM",
            "id": "54569"
          },
          {
            "db": "PACKETSTORM",
            "id": "54522"
          },
          {
            "db": "PACKETSTORM",
            "id": "54834"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-02-19T00:00:00",
            "db": "CERT/CC",
            "id": "VU#196240"
          },
          {
            "date": "2007-02-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-21384"
          },
          {
            "date": "2007-02-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2006-5276"
          },
          {
            "date": "2007-02-19T00:00:00",
            "db": "BID",
            "id": "22616"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          },
          {
            "date": "2007-02-23T03:05:45",
            "db": "PACKETSTORM",
            "id": "54569"
          },
          {
            "date": "2007-02-20T01:23:04",
            "db": "PACKETSTORM",
            "id": "54522"
          },
          {
            "date": "2007-03-06T06:25:25",
            "db": "PACKETSTORM",
            "id": "54834"
          },
          {
            "date": "2007-02-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          },
          {
            "date": "2007-02-20T01:28:00",
            "db": "NVD",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-01-30T00:00:00",
            "db": "CERT/CC",
            "id": "VU#196240"
          },
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-21384"
          },
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2006-5276"
          },
          {
            "date": "2007-11-15T00:38:00",
            "db": "BID",
            "id": "22616"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2007-000170"
          },
          {
            "date": "2007-05-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          },
          {
            "date": "2018-10-17T21:41:57.483000",
            "db": "NVD",
            "id": "CVE-2006-5276"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "54569"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#196240"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200702-347"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200907-0376

    Vulnerability from variot - Updated: 2023-12-18 12:11

    The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components. Sourcefire 3D Sensor and Defense Center are prone to multiple security-bypass vulnerabilities. An attacker may exploit these issues to gain administrative access to the vulnerable device, which may aid in further attacks. Versions prior to the following are vulnerable: Sourcefire 3D Sensor 4.8.2 Sourcefire Defense Center 4.8.2. Although the user.cgi PERL script correctly verifies that the incoming request belongs to an authenticated session, in this case it is blindly granted read and write access without regard to the role of the originator of the request, so even users with the lowest access levels (such as Users who have not configured any roles) can also promote them to administrators and change other roles or account parameters at will. ----------------------------------------------------------------------

    Do you have VARM strategy implemented?

    (Vulnerability Assessment Remediation Management)

    If not, then implement it through the most reliable vulnerability intelligence source on the market.

    Implement it through Secunia.

    For more information visit: http://secunia.com/advisories/business_solutions/

    Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com


    TITLE: Sourcefire 3D Sensor and Defense Center "user.cgi" Security Bypass

    SECUNIA ADVISORY ID: SA35658

    VERIFY ADVISORY: http://secunia.com/advisories/35658/

    DESCRIPTION: Gregory Duchemin has reported a vulnerability in Sourcefire 3D Sensor and Sourcefire Defense Center, which can be exploited by malicious people to bypass certain security restrictions.

    The vulnerability is caused due to improper access restrictions while processing requests sent to the admin/user/user.cgi script. This can be exploited to e.g. gain administrative access to the appliance by sending a specially crafted POST request to the affected script.

    NOTE: Other scripts are reportedly affected by similar errors.

    SOLUTION: Update to firmware version 4.8.2.

    PROVIDED AND/OR DISCOVERED BY: Gregory Duchemin

    ORIGINAL ADVISORY: http://milw0rm.com/exploits/9074


    About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200907-0376",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "defense center",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sourcefire",
            "version": "4.8.0.4"
          },
          {
            "model": "defense center",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sourcefire",
            "version": "4.8"
          },
          {
            "model": "3d sensor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sourcefire",
            "version": "4.8.0.3"
          },
          {
            "model": "3d sensor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sourcefire",
            "version": "4.8.0.4"
          },
          {
            "model": "defense center",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sourcefire",
            "version": "4.8.0.3"
          },
          {
            "model": "3d sensor",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sourcefire",
            "version": "4.8"
          },
          {
            "model": "3d sensor",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "sourcefire",
            "version": "4.8.1"
          },
          {
            "model": "defense center",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "sourcefire",
            "version": "4.8.1"
          },
          {
            "model": "defense center",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sourcefire",
            "version": "4.8.1"
          },
          {
            "model": "3d sensor",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "sourcefire",
            "version": "4.8.1"
          },
          {
            "model": "3d sensor",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "sourcefire",
            "version": "4.8.2"
          },
          {
            "model": "defense center",
            "scope": null,
            "trust": 0.8,
            "vendor": "sourcefire",
            "version": null
          },
          {
            "model": "defense center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sourcefire",
            "version": "4.8.2"
          },
          {
            "model": "3d sensor",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sourcefire",
            "version": "4.8.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "35553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-006132"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-096"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sourcefire:3d_sensor:4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sourcefire:3d_sensor:4.8.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sourcefire:defense_center:4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sourcefire:defense_center:4.8.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sourcefire:defense_center:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.8.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sourcefire:3d_sensor:4.8.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sourcefire:defense_center:4.8.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sourcefire:3d_sensor:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.8.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2009-2344"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Gregory Duchemin c3rb3r@hotmail.com",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-096"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2009-2344",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2009-2344",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-39790",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2009-2344",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200907-096",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-39790",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2009-2344",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-39790"
          },
          {
            "db": "VULMON",
            "id": "CVE-2009-2344"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-006132"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-096"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components. Sourcefire 3D Sensor and Defense Center are prone to multiple security-bypass vulnerabilities. An attacker may exploit these issues to gain administrative access to the vulnerable device, which may aid in further attacks. \nVersions prior to the following are vulnerable:\nSourcefire 3D Sensor 4.8.2\nSourcefire Defense Center 4.8.2. Although the user.cgi PERL script correctly verifies that the incoming request belongs to an authenticated session, in this case it is blindly granted read and write access without regard to the role of the originator of the request, so even users with the lowest access levels (such as Users who have not configured any roles) can also promote them to administrators and change other roles or account parameters at will. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nSourcefire 3D Sensor and Defense Center \"user.cgi\" Security Bypass\n\nSECUNIA ADVISORY ID:\nSA35658\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/35658/\n\nDESCRIPTION:\nGregory Duchemin has reported a vulnerability in Sourcefire 3D Sensor\nand Sourcefire Defense Center, which can be exploited by malicious\npeople to bypass certain security restrictions. \n\nThe vulnerability is caused due to improper access restrictions while\nprocessing requests sent to the admin/user/user.cgi script. This can\nbe exploited to e.g. gain administrative access to the appliance by\nsending a specially crafted POST request to the affected script. \n\nNOTE: Other scripts are reportedly affected by similar errors. \n\nSOLUTION:\nUpdate to firmware version 4.8.2. \n\nPROVIDED AND/OR DISCOVERED BY:\nGregory Duchemin\n\nORIGINAL ADVISORY:\nhttp://milw0rm.com/exploits/9074\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2009-2344"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-006132"
          },
          {
            "db": "BID",
            "id": "35553"
          },
          {
            "db": "VULHUB",
            "id": "VHN-39790"
          },
          {
            "db": "VULMON",
            "id": "CVE-2009-2344"
          },
          {
            "db": "PACKETSTORM",
            "id": "78955"
          }
        ],
        "trust": 2.16
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-39790",
            "trust": 0.1,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=9074",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-39790"
          },
          {
            "db": "VULMON",
            "id": "CVE-2009-2344"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2009-2344",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "35553",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "35658",
            "trust": 2.0
          },
          {
            "db": "EXPLOIT-DB",
            "id": "9074",
            "trust": 1.9
          },
          {
            "db": "VUPEN",
            "id": "ADV-2009-1785",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1022500",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-006132",
            "trust": 0.8
          },
          {
            "db": "BUGTRAQ",
            "id": "20090701 SOURCEFIRE 3D SENSOR AND DC, PRIVILEGE ESCALATION VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "MILW0RM",
            "id": "9074",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-096",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-66683",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-39790",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2009-2344",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "78955",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-39790"
          },
          {
            "db": "VULMON",
            "id": "CVE-2009-2344"
          },
          {
            "db": "BID",
            "id": "35553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-006132"
          },
          {
            "db": "PACKETSTORM",
            "id": "78955"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-096"
          }
        ]
      },
      "id": "VAR-200907-0376",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-39790"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:11:36.023000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.sourcefire.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-006132"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-39790"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-006132"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2344"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/35553"
          },
          {
            "trust": 1.8,
            "url": "http://www.securitytracker.com/id?1022500"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/35658"
          },
          {
            "trust": 1.8,
            "url": "http://www.vupen.com/english/advisories/2009/1785"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/archive/1/504694/100/0/threaded"
          },
          {
            "trust": 1.2,
            "url": "http://www.exploit-db.com/exploits/9074"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2344"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2344"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/504694/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.milw0rm.com/exploits/9074"
          },
          {
            "trust": 0.3,
            "url": "http://www.sourcefire.com/products/3d/sensor"
          },
          {
            "trust": 0.3,
            "url": "http://www.sourcefire.com/products/3d/defense_center"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/504694"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/264.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/9074/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://milw0rm.com/exploits/9074"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/35658/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/business_solutions/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-39790"
          },
          {
            "db": "VULMON",
            "id": "CVE-2009-2344"
          },
          {
            "db": "BID",
            "id": "35553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-006132"
          },
          {
            "db": "PACKETSTORM",
            "id": "78955"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-096"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-39790"
          },
          {
            "db": "VULMON",
            "id": "CVE-2009-2344"
          },
          {
            "db": "BID",
            "id": "35553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-006132"
          },
          {
            "db": "PACKETSTORM",
            "id": "78955"
          },
          {
            "db": "NVD",
            "id": "CVE-2009-2344"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-096"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2009-07-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-39790"
          },
          {
            "date": "2009-07-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2009-2344"
          },
          {
            "date": "2009-07-02T00:00:00",
            "db": "BID",
            "id": "35553"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-006132"
          },
          {
            "date": "2009-07-06T14:53:16",
            "db": "PACKETSTORM",
            "id": "78955"
          },
          {
            "date": "2009-07-07T19:30:00.297000",
            "db": "NVD",
            "id": "CVE-2009-2344"
          },
          {
            "date": "2009-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200907-096"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-39790"
          },
          {
            "date": "2018-10-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2009-2344"
          },
          {
            "date": "2009-07-07T22:06:00",
            "db": "BID",
            "id": "35553"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2009-006132"
          },
          {
            "date": "2018-10-10T19:39:42.070000",
            "db": "NVD",
            "id": "CVE-2009-2344"
          },
          {
            "date": "2009-07-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200907-096"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-096"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sourcefire DC and  3D Sensor of  Web Vulnerabilities that gain privileges in the base management interface",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2009-006132"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200907-096"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200607-0504

    Vulnerability from variot - Updated: 2023-12-18 11:18

    Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information. A buffer overflow exists in the Snort Back Orifice preprocessor that may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. This may facilitate a remote compromise of affected computers. Cisco has released version 4.2.1 to address these issues; prior versions are reported vulnerable. Snort is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the Back Orifice preprocessor. This may facilitate unauthorized access or privilege escalation. Due to the nature of this issue, attackers may exploit it by sending a single UDP packet with a potentially spoofed source address to an arbitrary destination address and port. As long as the application can sniff the packet, it may be exploited. These aspects of this issue may aid attackers in bypassing firewalls in order to compromise a wider number of computers. Reportedly, this issue is difficult to reliably exploit across differing operating systems and compiler versions. Failed exploit attempts likely result in crashing the application, thereby disabling detection of other attacks. Snort versions 2.4.0 through 2.4.2 are affected by this issue. Other versions may also be affected, but this has not been confirmed. CS-MARS uses an Oracle database to store sensitive network events and configuration data. Information in the database may include authentication credentials for network devices, such as firewalls, routers and IPS devices, and details of network security events. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                     National Cyber Alert System
    
               Technical Cyber Security Alert TA05-291A
    

    Snort Back Orifice Preprocessor Buffer Overflow

    Original release date: October 18, 2005 Last revised: -- Source: US-CERT

    Systems Affected

     * Snort versions 2.4.0 to 2.4.2
     * Sourcefire Intrusion Sensors
    

    Other products that use Snort or Snort components may be affected.

    I. Description

    Snort is a widely-deployed, open-source network intrusion detection system (IDS). Snort and its components are used in other IDS products, notably Sourcefire Intrusion Sensors, and Snort is included with a number of operating system distributions.

    Snort preprocessors are modular plugins that extend functionality by operating on packets before the detection engine is run. The ping detection code does not adequately limit the amount of data that is read from the packet into a fixed-length buffer, thus creating the potential for a buffer overflow.

    The vulnerable code will process any UDP packet that is not destined to or sourced from the default Back Orifice port (31337/udp). An attacker could exploit this vulnerability by sending a specially crafted UDP packet to a host or network monitored by Snort.

    US-CERT is tracking this vulnerability as VU#175500. Further information is available in an advisory from Internet Security Systems (ISS).

    II. Snort typically runs with root or SYSTEM privileges, so an attacker could take complete control of a vulnerable system. An attacker does not need to target a Snort sensor directly; the attacker can target any host or network monitored by Snort.

    III. Solution

    Upgrade

    Sourcefire has released Snort 2.4.3 which is available from the Snort download site. For information about other vendors, please see the Systems Affected section of VU#175500.

    Disable Back Orifice Preprocessor

    To disable the Back Orifice preprocessor, comment out the line that loads the preprocessor in the Snort configuration file (typically /etc/snort.conf on UNIX and Linux systems):

     [/etc/snort.conf]
     ... 
     #preprocessor bo
     ...
    

    Restart Snort for the change to take effect.

    Restrict Outbound Traffic

    Consider preventing Snort sensors from initiating outbound connections and restricting outbound traffic to only those hosts and networks that have legitimate requirements to communicate with the sensors. While this will not prevent exploitation of the vulnerability, it may make it more difficult for an attacker to access a compromised system or reconnoiter other systems.

    Appendix A. References

     * US-CERT Vulnerability Note VU#175500 -
       <http://www.kb.cert.org/vuls/id/177500>
    
     * Fixes and Mitigation Instructions Available for Snort Back
       Orifice Vulnerability -
       <http://www.snort.org/pub-bin/snortnews.cgi#99>
    
     * Snort downloads - <http://www.snort.org/dl/>
    
     * Snort 2.4.3 Changelog -
       <http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt>
    
     * Preprocessors -
       <http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/
       node11.html#SECTION00310000000000000000>
    
     * Snort Back Orifice Parsing Remote Code Execution -
       <http://xforce.iss.net/xforce/alerts/id/207>
    

    This vulnerability was researched and reported by Internet Security Systems (ISS).


    The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA05-291A.html>
    

    Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA05-291A Feedback VU#175500" in the subject.


    For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.


    Produced 2005 by US-CERT, a government organization.

    Terms of use:

     <http://www.us-cert.gov/legal.html>
    

    Revision History

    Oct 18, 2005: Initial release

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

    iQEVAwUBQ1VB130pj593lg50AQLY6wf+Kq/rI3wxG4rGr+OdVrpl3v+TfTMp6MX3 T0e99ybRSGKeWQCleMQYdBYrS+7UyCa28T1yE8ENe4SuYLPj7ttTqpd0AGxn7f8H +qOY0GnJwXvrWlKCfVtAhjo5JFDxgZQV9P/13MwjcsJrGTtHzhuJ8YZc4RtSMyVX 4nf2s4Nymjd2+jIEX9BnwRIe/E47TRdFLSsza36mhKZLZV1lxLdJYywCZSsQLWNM nL9gohRojR/6wQk8sLjef8LCv2JFu3btsqrrblcTWqfB6GhVR9OSUBhL+b8P/mme jVd9eE0OS5v8rzhaEMiYIMI+pEZEpATj4BnVoLwPkLAoD6ObGJKHkQ== =jjID -----END PGP SIGNATURE----- .


    Hardcore Disassembler / Reverse Engineer Wanted!

    Want to work with IDA and BinDiff? Want to write PoC's and Exploits?

    Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package.

    http://secunia.com/hardcore_disassembler_and_reverse_engineer/


    TITLE: CS-MARS Multiple Vulnerabilities

    SECUNIA ADVISORY ID: SA21118

    VERIFY ADVISORY: http://secunia.com/advisories/21118/

    CRITICAL: Moderately critical

    IMPACT: Security Bypass, Exposure of system information, System access

    WHERE:

    From local network

    OPERATING SYSTEM: Cisco Security Monitoring, Analysis and Response System (CS-MARS) 4.x http://secunia.com/product/6780/

    DESCRIPTION: Multiple vulnerabilities have been reported in CS-MARS, which can be exploited by malicious, local users to bypass certain security restrictions and malicious people to gain knowledge of system information and compromise a vulnerable system.

    2) The included JBoss web application server is also affected by an information disclosure weakness.

    SOLUTION: Update to version 4.2.1 or later.

    PROVIDED AND/OR DISCOVERED BY: 1+2) Jon Hart 3) Reported by the vendor.

    ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml

    OTHER REFERENCES: SA15746: http://secunia.com/advisories/15746/


    About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    .

    The vulnerability is caused due to a boundary error in the handling of Back Orifice packets.

    Alternatively, disable the Back Orifice pre-processor

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200607-0504",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cs-mars",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "cisco",
            "version": "4.1.5"
          },
          {
            "model": "cs-mars",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "cs-mars",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "4.1.3"
          },
          {
            "model": "cs-mars",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "4.1.2"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nortel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "snort",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sourcefire",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": "security monitoring, analysis and response system",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "4.2.1"
          },
          {
            "model": "networks contivity vpn switch",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nortel",
            "version": "20004.1.3"
          },
          {
            "model": "networks contivity vpn switch",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nortel",
            "version": "20004.1.2"
          },
          {
            "model": "networks contivity vpn switch",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nortel",
            "version": "20004.1"
          },
          {
            "model": "cs-mars",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "4.2.1"
          },
          {
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.4.2"
          },
          {
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.4.1"
          },
          {
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.4.0"
          },
          {
            "model": "networks threat protection system intrusion sensor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.1"
          },
          {
            "model": "networks threat protection system defense center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.1"
          },
          {
            "model": "project snort",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.4.3"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "BID",
            "id": "19073"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002835"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3732"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-315"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:cs-mars:4.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:cs-mars:4.1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:cs-mars:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:cs-mars:4.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3732"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco Security bulletin",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-315"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-3732",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2006-3732",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-19840",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-3732",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#175500",
                "trust": 0.8,
                "value": "31.05"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200607-315",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-19840",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-19840"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002835"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3732"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-315"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information. A buffer overflow exists in the Snort Back Orifice preprocessor that may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. This may facilitate a remote compromise of affected computers. \nCisco has released version 4.2.1 to address these issues; prior versions are reported vulnerable. Snort is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the Back Orifice preprocessor. This may facilitate unauthorized access or privilege escalation. \nDue to the nature of this issue, attackers may exploit it by sending a single UDP packet with a potentially spoofed source address to an arbitrary destination address and port. As long as the application can sniff the packet, it may be exploited. These aspects of this issue may aid attackers in bypassing firewalls in order to compromise a wider number of computers. \nReportedly, this issue is difficult to reliably exploit across differing operating systems and compiler versions. Failed exploit attempts likely result in crashing the application, thereby disabling detection of other attacks. \nSnort versions 2.4.0 through 2.4.2 are affected by this issue. Other versions may also be affected, but this has not been confirmed. CS-MARS uses an Oracle database to store sensitive network events and configuration data. Information in the database may include authentication credentials for network devices, such as firewalls, routers and IPS devices, and details of network security events. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                     National Cyber Alert System\n\n               Technical Cyber Security Alert TA05-291A\n\n\nSnort Back Orifice Preprocessor Buffer Overflow\n\n   Original release date: October 18, 2005\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Snort versions 2.4.0 to 2.4.2\n     * Sourcefire Intrusion Sensors\n\n   Other products that use Snort or Snort components may be affected. \n\n\nI. Description\n\n   Snort is a widely-deployed, open-source network intrusion detection\n   system (IDS). Snort and its components are used in other IDS\n   products, notably Sourcefire Intrusion Sensors, and Snort is\n   included with a number of operating system distributions. \n\n   Snort preprocessors are modular plugins that extend functionality\n   by operating on packets before the detection engine is run. The ping detection code does\n   not adequately limit the amount of data that is read from the\n   packet into a fixed-length buffer, thus creating the potential for\n   a buffer overflow. \n\n   The vulnerable code will process any UDP packet that is not\n   destined to or sourced from the default Back Orifice port\n   (31337/udp). An attacker could exploit this vulnerability by\n   sending a specially crafted UDP packet to a host or network\n   monitored by Snort. \n\n   US-CERT is tracking this vulnerability as VU#175500. Further\n   information is available in an advisory from Internet Security\n   Systems (ISS). \n\n\nII. Snort typically runs with root or\n   SYSTEM privileges, so an attacker could take complete control of a\n   vulnerable system. An attacker does not need to target a Snort\n   sensor directly; the attacker can target any host or network\n   monitored by Snort. \n\n\nIII. Solution\n\nUpgrade\n\n   Sourcefire has released Snort 2.4.3 which is available from the\n   Snort download site. For information about other vendors, please\n   see the Systems Affected section of VU#175500. \n\nDisable Back Orifice Preprocessor\n\n   To disable the Back Orifice preprocessor, comment out the line that\n   loads the preprocessor in the Snort configuration file (typically\n   /etc/snort.conf on UNIX and Linux systems):\n\n     [/etc/snort.conf]\n     ... \n     #preprocessor bo\n     ... \n   \n   Restart Snort for the change to take effect. \n\nRestrict Outbound Traffic\n\n   Consider preventing Snort sensors from initiating outbound\n   connections and restricting outbound traffic to only those hosts\n   and networks that have legitimate requirements to communicate with\n   the sensors. While this will not prevent exploitation of the\n   vulnerability, it may make it more difficult for an attacker to\n   access a compromised system or reconnoiter other systems. \n\n\nAppendix A. References\n\n     * US-CERT Vulnerability Note VU#175500 -\n       \u003chttp://www.kb.cert.org/vuls/id/177500\u003e\n\n     * Fixes and Mitigation Instructions Available for Snort Back\n       Orifice Vulnerability -\n       \u003chttp://www.snort.org/pub-bin/snortnews.cgi#99\u003e\n\n     * Snort downloads - \u003chttp://www.snort.org/dl/\u003e\n\n     * Snort 2.4.3 Changelog -\n       \u003chttp://www.snort.org/docs/change_logs/2.4.3/Changelog.txt\u003e\n\n     * Preprocessors -\n       \u003chttp://www.snort.org/docs/snort_htmanuals/htmanual_2.4/\n       node11.html#SECTION00310000000000000000\u003e\n\n     * Snort Back Orifice Parsing Remote Code Execution -\n       \u003chttp://xforce.iss.net/xforce/alerts/id/207\u003e\n\n\n ____________________________________________________________________\n\n   This vulnerability was researched and reported by Internet Security\n   Systems (ISS). \n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA05-291A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA05-291A Feedback VU#175500\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2005 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n   Oct 18, 2005: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQ1VB130pj593lg50AQLY6wf+Kq/rI3wxG4rGr+OdVrpl3v+TfTMp6MX3\nT0e99ybRSGKeWQCleMQYdBYrS+7UyCa28T1yE8ENe4SuYLPj7ttTqpd0AGxn7f8H\n+qOY0GnJwXvrWlKCfVtAhjo5JFDxgZQV9P/13MwjcsJrGTtHzhuJ8YZc4RtSMyVX\n4nf2s4Nymjd2+jIEX9BnwRIe/E47TRdFLSsza36mhKZLZV1lxLdJYywCZSsQLWNM\nnL9gohRojR/6wQk8sLjef8LCv2JFu3btsqrrblcTWqfB6GhVR9OSUBhL+b8P/mme\njVd9eE0OS5v8rzhaEMiYIMI+pEZEpATj4BnVoLwPkLAoD6ObGJKHkQ==\n=jjID\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. \n\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nCS-MARS Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA21118\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21118/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass, Exposure of system information, System access\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nCisco Security Monitoring, Analysis and Response System (CS-MARS) 4.x\nhttp://secunia.com/product/6780/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in CS-MARS, which can be\nexploited by malicious, local users to bypass certain security\nrestrictions and malicious people to gain knowledge of system\ninformation and compromise a vulnerable system. \n\n2) The included JBoss web application server is also affected by an\ninformation disclosure weakness. \n\nSOLUTION:\nUpdate to version 4.2.1 or later. \n\nPROVIDED AND/OR DISCOVERED BY:\n1+2) Jon Hart\n3) Reported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml\n\nOTHER REFERENCES:\nSA15746:\nhttp://secunia.com/advisories/15746/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nThe vulnerability is caused due to a boundary error in the handling\nof Back Orifice packets. \n\nAlternatively, disable the Back Orifice pre-processor",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3732"
          },
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002835"
          },
          {
            "db": "BID",
            "id": "19073"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          },
          {
            "db": "VULHUB",
            "id": "VHN-19840"
          },
          {
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "db": "PACKETSTORM",
            "id": "40766"
          }
        ],
        "trust": 3.51
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-3732",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "19071",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "19073",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "21118",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016537",
            "trust": 1.7
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-2887",
            "trust": 1.7
          },
          {
            "db": "CERT/CC",
            "id": "VU#175500",
            "trust": 1.2
          },
          {
            "db": "SECUNIA",
            "id": "17220",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002835",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-315",
            "trust": 0.7
          },
          {
            "db": "CISCO",
            "id": "20060719 MULTIPLE VULNERABILITIES IN CISCO SECURITY MONITORING, ANALYSIS AND RESPONSE SYSTEM (CS-MARS)",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "27810",
            "trust": 0.6
          },
          {
            "db": "USCERT",
            "id": "TA05-291A",
            "trust": 0.4
          },
          {
            "db": "BID",
            "id": "15131",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-19840",
            "trust": 0.1
          },
          {
            "db": "CERT/CC",
            "id": "VU#177500",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "40869",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "48383",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "40766",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-19840"
          },
          {
            "db": "BID",
            "id": "19073"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002835"
          },
          {
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "db": "PACKETSTORM",
            "id": "40766"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3732"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-315"
          }
        ]
      },
      "id": "VAR-200607-0504",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-19840"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T11:18:53.694000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20060719-mars",
            "trust": 0.8,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20060719-mars"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002835"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3732"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/19071"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/19073"
          },
          {
            "trust": 1.7,
            "url": "http://securitytracker.com/id?1016537"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/21118"
          },
          {
            "trust": 1.2,
            "url": "http://xforce.iss.net/xforce/alerts/id/207"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2006/2887"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27810"
          },
          {
            "trust": 0.9,
            "url": "http://www.snort.org/pub-bin/snortnews.cgi#99"
          },
          {
            "trust": 0.9,
            "url": "http://secunia.com/advisories/17220/"
          },
          {
            "trust": 0.8,
            "url": "http://www.snort.org/docs/change_logs/2.4.3/changelog.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/node11.html#section00310000000000000000"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3732"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3732"
          },
          {
            "trust": 0.6,
            "url": "http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html"
          },
          {
            "trust": 0.6,
            "url": "http://www.cisco.com/en/us/products/ps6241/index.html"
          },
          {
            "trust": 0.6,
            "url": "/archive/1/440580"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2006/2887"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/27810"
          },
          {
            "trust": 0.4,
            "url": "http://www.kb.cert.org/vuls/id/175500"
          },
          {
            "trust": 0.3,
            "url": "http://www.snort.org/rules/advisories/snort_update_20051018.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.snort.org/"
          },
          {
            "trust": 0.3,
            "url": "http://www.snort.org/pub-bin/snortnews.cgi"
          },
          {
            "trust": 0.3,
            "url": "http://www.us-cert.gov/cas/techalerts/ta05-291a.html"
          },
          {
            "trust": 0.3,
            "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=bltndetail\u0026documentoid=362187\u0026renditionid="
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/xforce/alerts/id/207\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/"
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/cas/techalerts/ta05-291a.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/docs/change_logs/2.4.3/changelog.txt\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/dl/\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/cas/signup.html\u003e."
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/legal.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/pub-bin/snortnews.cgi#99\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.kb.cert.org/vuls/id/177500\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/6780/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/15746/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/21118/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/5691/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-19840"
          },
          {
            "db": "BID",
            "id": "19073"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002835"
          },
          {
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "db": "PACKETSTORM",
            "id": "40766"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3732"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-315"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-19840"
          },
          {
            "db": "BID",
            "id": "19073"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002835"
          },
          {
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "db": "PACKETSTORM",
            "id": "40766"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3732"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-315"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2005-10-18T00:00:00",
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "date": "2006-07-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-19840"
          },
          {
            "date": "2006-07-19T00:00:00",
            "db": "BID",
            "id": "19073"
          },
          {
            "date": "2006-07-19T00:00:00",
            "db": "BID",
            "id": "19071"
          },
          {
            "date": "2005-10-18T00:00:00",
            "db": "BID",
            "id": "15131"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-002835"
          },
          {
            "date": "2005-10-24T23:41:37",
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "date": "2006-07-20T08:48:26",
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "date": "2005-10-18T22:10:31",
            "db": "PACKETSTORM",
            "id": "40766"
          },
          {
            "date": "2006-07-21T14:03:00",
            "db": "NVD",
            "id": "CVE-2006-3732"
          },
          {
            "date": "2006-07-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200607-315"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2005-11-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "date": "2017-07-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-19840"
          },
          {
            "date": "2006-07-20T18:28:00",
            "db": "BID",
            "id": "19073"
          },
          {
            "date": "2006-07-20T18:52:00",
            "db": "BID",
            "id": "19071"
          },
          {
            "date": "2005-10-18T00:00:00",
            "db": "BID",
            "id": "15131"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-002835"
          },
          {
            "date": "2017-07-20T01:32:32.087000",
            "db": "NVD",
            "id": "CVE-2006-3732"
          },
          {
            "date": "2006-08-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200607-315"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-315"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Snort Back Orifice preprocessor buffer overflow",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Access Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "19073"
          },
          {
            "db": "BID",
            "id": "19071"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200602-0404

    Vulnerability from variot - Updated: 2023-12-18 11:12

    The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths. Snort is reportedly prone to a vulnerability that may allow malicious packets to bypass detection. Reports indicate that the Frag3 preprocessor fails to properly analyze certain packets. A successful attack can allow attackers to bypass intrusion detection and to carry out attacks against computers protected by Snort. This vulnerability affects Snort 2.4.3. Other versions may be vulnerable as well.

    TITLE: Snort frag3 Preprocessor Packet Reassembly Vulnerability

    SECUNIA ADVISORY ID: SA18959

    VERIFY ADVISORY: http://secunia.com/advisories/18959/

    CRITICAL: Moderately critical

    IMPACT: Security Bypass

    WHERE:

    From remote

    SOFTWARE: Snort 2.4.x http://secunia.com/product/5691/

    DESCRIPTION: siouxsie has reported a vulnerability in Snort, which potentially can be exploited by malicious people to bypass certain security restrictions.

    The vulnerability has been reported in version 2.4.3.

    SOLUTION: Filter potentially malicious fragmented IP packets with a firewall.

    PROVIDED AND/OR DISCOVERED BY: siouxsie


    About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200602-0404",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "snort",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "sourcefire",
            "version": "2.4.3"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.6,
            "vendor": "no",
            "version": null
          },
          {
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.4.3"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2006-0996"
          },
          {
            "db": "BID",
            "id": "16705"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0839"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-339"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:sourcefire:snort:2.4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-0839"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Reported by",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-339"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-0839",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2006-0996",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-0839",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2006-0996",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200602-339",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2006-0996"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0839"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-339"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths. Snort is reportedly prone to a vulnerability that may allow malicious packets to bypass detection. \nReports indicate that the Frag3 preprocessor fails to properly analyze certain packets. \nA successful attack can allow attackers to bypass intrusion detection and to carry out attacks against computers protected by Snort. \nThis vulnerability affects Snort 2.4.3. Other versions may be vulnerable as well. \n\nTITLE:\nSnort frag3 Preprocessor Packet Reassembly Vulnerability\n\nSECUNIA ADVISORY ID:\nSA18959\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18959/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nSnort 2.4.x\nhttp://secunia.com/product/5691/\n\nDESCRIPTION:\nsiouxsie has reported a vulnerability in Snort, which potentially can\nbe exploited by malicious people to bypass certain security\nrestrictions. \n\nThe vulnerability has been reported in version 2.4.3. \n\nSOLUTION:\nFilter potentially malicious fragmented IP packets with a firewall. \n\nPROVIDED AND/OR DISCOVERED BY:\nsiouxsie\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-0839"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2006-0996"
          },
          {
            "db": "BID",
            "id": "16705"
          },
          {
            "db": "PACKETSTORM",
            "id": "44230"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "16705",
            "trust": 2.5
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0839",
            "trust": 2.2
          },
          {
            "db": "SECUNIA",
            "id": "18959",
            "trust": 1.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2006-0996",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "3",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "24811",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20060217 SNORT INCORRECT FRAGMENTED PACKET REASSEMBLY",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-339",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "44230",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2006-0996"
          },
          {
            "db": "BID",
            "id": "16705"
          },
          {
            "db": "PACKETSTORM",
            "id": "44230"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0839"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-339"
          }
        ]
      },
      "id": "VAR-200602-0404",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2006-0996"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2006-0996"
          }
        ]
      },
      "last_update_date": "2023-12-18T11:12:52.992000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-0839"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/16705"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/18959"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/425290/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24811"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/425290/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/24811"
          },
          {
            "trust": 0.3,
            "url": "http://www.snort.org/"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/425290"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/5691/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/18959/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2006-0996"
          },
          {
            "db": "BID",
            "id": "16705"
          },
          {
            "db": "PACKETSTORM",
            "id": "44230"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0839"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-339"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2006-0996"
          },
          {
            "db": "BID",
            "id": "16705"
          },
          {
            "db": "PACKETSTORM",
            "id": "44230"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-0839"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-339"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2006-0996"
          },
          {
            "date": "2006-02-17T00:00:00",
            "db": "BID",
            "id": "16705"
          },
          {
            "date": "2006-03-01T03:50:51",
            "db": "PACKETSTORM",
            "id": "44230"
          },
          {
            "date": "2006-02-22T02:02:00",
            "db": "NVD",
            "id": "CVE-2006-0839"
          },
          {
            "date": "2006-02-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200602-339"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-02-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2006-0996"
          },
          {
            "date": "2006-02-17T18:43:00",
            "db": "BID",
            "id": "16705"
          },
          {
            "date": "2018-10-18T16:29:23.023000",
            "db": "NVD",
            "id": "CVE-2006-0839"
          },
          {
            "date": "2006-08-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200602-339"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-339"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Snort Frag3 Processor Packet Fragment Avoidance Detection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2006-0996"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Design Error",
        "sources": [
          {
            "db": "BID",
            "id": "16705"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200602-339"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-200607-0505

    Vulnerability from variot - Updated: 2023-12-18 11:12

    jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name. A buffer overflow exists in the Snort Back Orifice preprocessor that may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. Cisco Security Monitoring, Analysis and Response System (CS-MARS) is prone to multiple vulnerabilities, including privilege-escalation, arbitrary command-execution, and information-disclosure issues. This may facilitate a remote compromise of affected computers. Cisco has released version 4.2.1 to address these issues; prior versions are reported vulnerable. Snort is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the Back Orifice preprocessor. This may facilitate unauthorized access or privilege escalation. Due to the nature of this issue, attackers may exploit it by sending a single UDP packet with a potentially spoofed source address to an arbitrary destination address and port. As long as the application can sniff the packet, it may be exploited. These aspects of this issue may aid attackers in bypassing firewalls in order to compromise a wider number of computers. Reportedly, this issue is difficult to reliably exploit across differing operating systems and compiler versions. Failed exploit attempts likely result in crashing the application, thereby disabling detection of other attacks. Snort versions 2.4.0 through 2.4.2 are affected by this issue. Other versions may also be affected, but this has not been confirmed. There is a loophole when the server processes user requests. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                     National Cyber Alert System
    
               Technical Cyber Security Alert TA05-291A
    

    Snort Back Orifice Preprocessor Buffer Overflow

    Original release date: October 18, 2005 Last revised: -- Source: US-CERT

    Systems Affected

     * Snort versions 2.4.0 to 2.4.2
     * Sourcefire Intrusion Sensors
    

    Other products that use Snort or Snort components may be affected.

    I. Description

    Snort is a widely-deployed, open-source network intrusion detection system (IDS). Snort and its components are used in other IDS products, notably Sourcefire Intrusion Sensors, and Snort is included with a number of operating system distributions.

    Snort preprocessors are modular plugins that extend functionality by operating on packets before the detection engine is run. The ping detection code does not adequately limit the amount of data that is read from the packet into a fixed-length buffer, thus creating the potential for a buffer overflow.

    The vulnerable code will process any UDP packet that is not destined to or sourced from the default Back Orifice port (31337/udp). An attacker could exploit this vulnerability by sending a specially crafted UDP packet to a host or network monitored by Snort.

    US-CERT is tracking this vulnerability as VU#175500. Further information is available in an advisory from Internet Security Systems (ISS).

    II. Snort typically runs with root or SYSTEM privileges, so an attacker could take complete control of a vulnerable system. An attacker does not need to target a Snort sensor directly; the attacker can target any host or network monitored by Snort.

    III. Solution

    Upgrade

    Sourcefire has released Snort 2.4.3 which is available from the Snort download site. For information about other vendors, please see the Systems Affected section of VU#175500.

    Disable Back Orifice Preprocessor

    To disable the Back Orifice preprocessor, comment out the line that loads the preprocessor in the Snort configuration file (typically /etc/snort.conf on UNIX and Linux systems):

     [/etc/snort.conf]
     ... 
     #preprocessor bo
     ...
    

    Restart Snort for the change to take effect.

    Restrict Outbound Traffic

    Consider preventing Snort sensors from initiating outbound connections and restricting outbound traffic to only those hosts and networks that have legitimate requirements to communicate with the sensors. While this will not prevent exploitation of the vulnerability, it may make it more difficult for an attacker to access a compromised system or reconnoiter other systems.

    Appendix A. References

     * US-CERT Vulnerability Note VU#175500 -
       <http://www.kb.cert.org/vuls/id/177500>
    
     * Fixes and Mitigation Instructions Available for Snort Back
       Orifice Vulnerability -
       <http://www.snort.org/pub-bin/snortnews.cgi#99>
    
     * Snort downloads - <http://www.snort.org/dl/>
    
     * Snort 2.4.3 Changelog -
       <http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt>
    
     * Preprocessors -
       <http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/
       node11.html#SECTION00310000000000000000>
    
     * Snort Back Orifice Parsing Remote Code Execution -
       <http://xforce.iss.net/xforce/alerts/id/207>
    

    This vulnerability was researched and reported by Internet Security Systems (ISS).


    The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA05-291A.html>
    

    Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA05-291A Feedback VU#175500" in the subject.


    For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.


    Produced 2005 by US-CERT, a government organization.

    Terms of use:

     <http://www.us-cert.gov/legal.html>
    

    Revision History

    Oct 18, 2005: Initial release

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

    iQEVAwUBQ1VB130pj593lg50AQLY6wf+Kq/rI3wxG4rGr+OdVrpl3v+TfTMp6MX3 T0e99ybRSGKeWQCleMQYdBYrS+7UyCa28T1yE8ENe4SuYLPj7ttTqpd0AGxn7f8H +qOY0GnJwXvrWlKCfVtAhjo5JFDxgZQV9P/13MwjcsJrGTtHzhuJ8YZc4RtSMyVX 4nf2s4Nymjd2+jIEX9BnwRIe/E47TRdFLSsza36mhKZLZV1lxLdJYywCZSsQLWNM nL9gohRojR/6wQk8sLjef8LCv2JFu3btsqrrblcTWqfB6GhVR9OSUBhL+b8P/mme jVd9eE0OS5v8rzhaEMiYIMI+pEZEpATj4BnVoLwPkLAoD6ObGJKHkQ== =jjID -----END PGP SIGNATURE----- .


    Hardcore Disassembler / Reverse Engineer Wanted!

    Want to work with IDA and BinDiff? Want to write PoC's and Exploits?

    Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package.

    http://secunia.com/hardcore_disassembler_and_reverse_engineer/


    TITLE: CS-MARS Multiple Vulnerabilities

    SECUNIA ADVISORY ID: SA21118

    VERIFY ADVISORY: http://secunia.com/advisories/21118/

    CRITICAL: Moderately critical

    IMPACT: Security Bypass, Exposure of system information, System access

    WHERE:

    From local network

    OPERATING SYSTEM: Cisco Security Monitoring, Analysis and Response System (CS-MARS) 4.x http://secunia.com/product/6780/

    DESCRIPTION: Multiple vulnerabilities have been reported in CS-MARS, which can be exploited by malicious, local users to bypass certain security restrictions and malicious people to gain knowledge of system information and compromise a vulnerable system.

    2) The included JBoss web application server is also affected by an information disclosure weakness.

    CS-MARS also ships with an Oracle database containing several default Oracle accounts with well-known passwords.

    SOLUTION: Update to version 4.2.1 or later.

    PROVIDED AND/OR DISCOVERED BY: 1+2) Jon Hart 3) Reported by the vendor.

    ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml

    OTHER REFERENCES: SA15746: http://secunia.com/advisories/15746/


    About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    .

    The vulnerability is caused due to a boundary error in the handling of Back Orifice packets.

    Alternatively, disable the Back Orifice pre-processor

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200607-0505",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "security monitoring analysis and response system",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "4.2.0"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nortel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "snort",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sourcefire",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": "security monitoring, analysis and response system",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "4.2.1"
          },
          {
            "model": "networks contivity vpn switch",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nortel",
            "version": "20004.1.3"
          },
          {
            "model": "networks contivity vpn switch",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nortel",
            "version": "20004.1.2"
          },
          {
            "model": "networks contivity vpn switch",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nortel",
            "version": "20004.1"
          },
          {
            "model": "cs-mars",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "4.1.5"
          },
          {
            "model": "cs-mars",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "4.2.1"
          },
          {
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.4.2"
          },
          {
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.4.1"
          },
          {
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.4.0"
          },
          {
            "model": "networks threat protection system intrusion sensor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.1"
          },
          {
            "model": "networks threat protection system defense center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.1"
          },
          {
            "model": "project snort",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.4.3"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "BID",
            "id": "19075"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002836"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3733"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-343"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:security_monitoring_analysis_and_response_system:4.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3733"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "These issues were disclosed by the vendor.",
        "sources": [
          {
            "db": "BID",
            "id": "19075"
          },
          {
            "db": "BID",
            "id": "19071"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-3733",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": true,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2006-3733",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-19841",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-3733",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#175500",
                "trust": 0.8,
                "value": "31.05"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200607-343",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-19841",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-19841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002836"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3733"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-343"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name. A buffer overflow exists in the Snort Back Orifice preprocessor that may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. Cisco Security Monitoring, Analysis and Response System (CS-MARS) is prone to multiple vulnerabilities, including privilege-escalation, arbitrary command-execution, and information-disclosure issues. This may facilitate a remote compromise of affected computers. \nCisco has released version 4.2.1 to address these issues; prior versions are reported vulnerable. Snort is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the Back Orifice preprocessor. This may facilitate unauthorized access or privilege escalation. \nDue to the nature of this issue, attackers may exploit it by sending a single UDP packet with a potentially spoofed source address to an arbitrary destination address and port. As long as the application can sniff the packet, it may be exploited. These aspects of this issue may aid attackers in bypassing firewalls in order to compromise a wider number of computers. \nReportedly, this issue is difficult to reliably exploit across differing operating systems and compiler versions. Failed exploit attempts likely result in crashing the application, thereby disabling detection of other attacks. \nSnort versions 2.4.0 through 2.4.2 are affected by this issue. Other versions may also be affected, but this has not been confirmed. There is a loophole when the server processes user requests. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                     National Cyber Alert System\n\n               Technical Cyber Security Alert TA05-291A\n\n\nSnort Back Orifice Preprocessor Buffer Overflow\n\n   Original release date: October 18, 2005\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Snort versions 2.4.0 to 2.4.2\n     * Sourcefire Intrusion Sensors\n\n   Other products that use Snort or Snort components may be affected. \n\n\nI. Description\n\n   Snort is a widely-deployed, open-source network intrusion detection\n   system (IDS). Snort and its components are used in other IDS\n   products, notably Sourcefire Intrusion Sensors, and Snort is\n   included with a number of operating system distributions. \n\n   Snort preprocessors are modular plugins that extend functionality\n   by operating on packets before the detection engine is run. The ping detection code does\n   not adequately limit the amount of data that is read from the\n   packet into a fixed-length buffer, thus creating the potential for\n   a buffer overflow. \n\n   The vulnerable code will process any UDP packet that is not\n   destined to or sourced from the default Back Orifice port\n   (31337/udp). An attacker could exploit this vulnerability by\n   sending a specially crafted UDP packet to a host or network\n   monitored by Snort. \n\n   US-CERT is tracking this vulnerability as VU#175500. Further\n   information is available in an advisory from Internet Security\n   Systems (ISS). \n\n\nII. Snort typically runs with root or\n   SYSTEM privileges, so an attacker could take complete control of a\n   vulnerable system. An attacker does not need to target a Snort\n   sensor directly; the attacker can target any host or network\n   monitored by Snort. \n\n\nIII. Solution\n\nUpgrade\n\n   Sourcefire has released Snort 2.4.3 which is available from the\n   Snort download site. For information about other vendors, please\n   see the Systems Affected section of VU#175500. \n\nDisable Back Orifice Preprocessor\n\n   To disable the Back Orifice preprocessor, comment out the line that\n   loads the preprocessor in the Snort configuration file (typically\n   /etc/snort.conf on UNIX and Linux systems):\n\n     [/etc/snort.conf]\n     ... \n     #preprocessor bo\n     ... \n   \n   Restart Snort for the change to take effect. \n\nRestrict Outbound Traffic\n\n   Consider preventing Snort sensors from initiating outbound\n   connections and restricting outbound traffic to only those hosts\n   and networks that have legitimate requirements to communicate with\n   the sensors. While this will not prevent exploitation of the\n   vulnerability, it may make it more difficult for an attacker to\n   access a compromised system or reconnoiter other systems. \n\n\nAppendix A. References\n\n     * US-CERT Vulnerability Note VU#175500 -\n       \u003chttp://www.kb.cert.org/vuls/id/177500\u003e\n\n     * Fixes and Mitigation Instructions Available for Snort Back\n       Orifice Vulnerability -\n       \u003chttp://www.snort.org/pub-bin/snortnews.cgi#99\u003e\n\n     * Snort downloads - \u003chttp://www.snort.org/dl/\u003e\n\n     * Snort 2.4.3 Changelog -\n       \u003chttp://www.snort.org/docs/change_logs/2.4.3/Changelog.txt\u003e\n\n     * Preprocessors -\n       \u003chttp://www.snort.org/docs/snort_htmanuals/htmanual_2.4/\n       node11.html#SECTION00310000000000000000\u003e\n\n     * Snort Back Orifice Parsing Remote Code Execution -\n       \u003chttp://xforce.iss.net/xforce/alerts/id/207\u003e\n\n\n ____________________________________________________________________\n\n   This vulnerability was researched and reported by Internet Security\n   Systems (ISS). \n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA05-291A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA05-291A Feedback VU#175500\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2005 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n   Oct 18, 2005: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQ1VB130pj593lg50AQLY6wf+Kq/rI3wxG4rGr+OdVrpl3v+TfTMp6MX3\nT0e99ybRSGKeWQCleMQYdBYrS+7UyCa28T1yE8ENe4SuYLPj7ttTqpd0AGxn7f8H\n+qOY0GnJwXvrWlKCfVtAhjo5JFDxgZQV9P/13MwjcsJrGTtHzhuJ8YZc4RtSMyVX\n4nf2s4Nymjd2+jIEX9BnwRIe/E47TRdFLSsza36mhKZLZV1lxLdJYywCZSsQLWNM\nnL9gohRojR/6wQk8sLjef8LCv2JFu3btsqrrblcTWqfB6GhVR9OSUBhL+b8P/mme\njVd9eE0OS5v8rzhaEMiYIMI+pEZEpATj4BnVoLwPkLAoD6ObGJKHkQ==\n=jjID\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. \n\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nCS-MARS Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA21118\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21118/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass, Exposure of system information, System access\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nCisco Security Monitoring, Analysis and Response System (CS-MARS) 4.x\nhttp://secunia.com/product/6780/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in CS-MARS, which can be\nexploited by malicious, local users to bypass certain security\nrestrictions and malicious people to gain knowledge of system\ninformation and compromise a vulnerable system. \n\n2) The included JBoss web application server is also affected by an\ninformation disclosure weakness. \n\nCS-MARS also ships with an Oracle database containing several default\nOracle accounts with well-known passwords. \n\nSOLUTION:\nUpdate to version 4.2.1 or later. \n\nPROVIDED AND/OR DISCOVERED BY:\n1+2) Jon Hart\n3) Reported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml\n\nOTHER REFERENCES:\nSA15746:\nhttp://secunia.com/advisories/15746/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nThe vulnerability is caused due to a boundary error in the handling\nof Back Orifice packets. \n\nAlternatively, disable the Back Orifice pre-processor",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3733"
          },
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002836"
          },
          {
            "db": "BID",
            "id": "19075"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          },
          {
            "db": "VULHUB",
            "id": "VHN-19841"
          },
          {
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "db": "PACKETSTORM",
            "id": "40766"
          }
        ],
        "trust": 3.51
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-19841",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-19841"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-3733",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "19071",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "19075",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "21118",
            "trust": 1.8
          },
          {
            "db": "OSVDB",
            "id": "27419",
            "trust": 1.7
          },
          {
            "db": "SECTRACK",
            "id": "1016537",
            "trust": 1.7
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-2887",
            "trust": 1.7
          },
          {
            "db": "CERT/CC",
            "id": "VU#175500",
            "trust": 1.2
          },
          {
            "db": "SECUNIA",
            "id": "17220",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002836",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-343",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20060720 CISCO MARS \u003c 4.2.1 REMOTE COMPROMISE",
            "trust": 0.6
          },
          {
            "db": "CISCO",
            "id": "20060719 MULTIPLE VULNERABILITIES IN CISCO SECURITY MONITORING, ANALYSIS AND RESPONSE SYSTEM (CS-MARS)",
            "trust": 0.6
          },
          {
            "db": "FULLDISC",
            "id": "20060720 CISCO MARS \u003c 4.2.1 REMOTE COMPROMISE",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "27811",
            "trust": 0.6
          },
          {
            "db": "USCERT",
            "id": "TA05-291A",
            "trust": 0.4
          },
          {
            "db": "BID",
            "id": "15131",
            "trust": 0.3
          },
          {
            "db": "EXPLOIT-DB",
            "id": "28245",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-81819",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-19841",
            "trust": 0.1
          },
          {
            "db": "CERT/CC",
            "id": "VU#177500",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "40869",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "48383",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "40766",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-19841"
          },
          {
            "db": "BID",
            "id": "19075"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002836"
          },
          {
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "db": "PACKETSTORM",
            "id": "40766"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3733"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-343"
          }
        ]
      },
      "id": "VAR-200607-0505",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-19841"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T11:12:30.015000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20060719-mars",
            "trust": 0.8,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20060719-mars"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002836"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-19841"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002836"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3733"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/19071"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/19075"
          },
          {
            "trust": 1.7,
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.osvdb.org/27419"
          },
          {
            "trust": 1.7,
            "url": "http://securitytracker.com/id?1016537"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/21118"
          },
          {
            "trust": 1.2,
            "url": "http://xforce.iss.net/xforce/alerts/id/207"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2006/2887"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27811"
          },
          {
            "trust": 0.9,
            "url": "http://www.snort.org/pub-bin/snortnews.cgi#99"
          },
          {
            "trust": 0.9,
            "url": "http://secunia.com/advisories/17220/"
          },
          {
            "trust": 0.8,
            "url": "http://www.snort.org/docs/change_logs/2.4.3/changelog.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/node11.html#section00310000000000000000"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3733"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3733"
          },
          {
            "trust": 0.6,
            "url": "http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html"
          },
          {
            "trust": 0.6,
            "url": "http://www.cisco.com/en/us/products/ps6241/index.html"
          },
          {
            "trust": 0.6,
            "url": "/archive/1/440580"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/27811"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/440641/100/100/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2006/2887"
          },
          {
            "trust": 0.4,
            "url": "http://www.kb.cert.org/vuls/id/175500"
          },
          {
            "trust": 0.3,
            "url": "http://wiki.jboss.org/wiki/wiki.jsp?page=securejboss"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/440641"
          },
          {
            "trust": 0.3,
            "url": "http://www.snort.org/rules/advisories/snort_update_20051018.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.snort.org/"
          },
          {
            "trust": 0.3,
            "url": "http://www.snort.org/pub-bin/snortnews.cgi"
          },
          {
            "trust": 0.3,
            "url": "http://www.us-cert.gov/cas/techalerts/ta05-291a.html"
          },
          {
            "trust": 0.3,
            "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=bltndetail\u0026documentoid=362187\u0026renditionid="
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/xforce/alerts/id/207\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/"
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/cas/techalerts/ta05-291a.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/docs/change_logs/2.4.3/changelog.txt\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/dl/\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/cas/signup.html\u003e."
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/legal.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/pub-bin/snortnews.cgi#99\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.kb.cert.org/vuls/id/177500\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/6780/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/15746/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/21118/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/5691/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-19841"
          },
          {
            "db": "BID",
            "id": "19075"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002836"
          },
          {
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "db": "PACKETSTORM",
            "id": "40766"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3733"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-343"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-19841"
          },
          {
            "db": "BID",
            "id": "19075"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002836"
          },
          {
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "db": "PACKETSTORM",
            "id": "40766"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3733"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-343"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2005-10-18T00:00:00",
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "date": "2006-07-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-19841"
          },
          {
            "date": "2006-07-19T00:00:00",
            "db": "BID",
            "id": "19075"
          },
          {
            "date": "2006-07-19T00:00:00",
            "db": "BID",
            "id": "19071"
          },
          {
            "date": "2005-10-18T00:00:00",
            "db": "BID",
            "id": "15131"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-002836"
          },
          {
            "date": "2005-10-24T23:41:37",
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "date": "2006-07-20T08:48:26",
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "date": "2005-10-18T22:10:31",
            "db": "PACKETSTORM",
            "id": "40766"
          },
          {
            "date": "2006-07-21T14:03:00",
            "db": "NVD",
            "id": "CVE-2006-3733"
          },
          {
            "date": "2006-07-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200607-343"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2005-11-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-19841"
          },
          {
            "date": "2006-07-20T21:57:00",
            "db": "BID",
            "id": "19075"
          },
          {
            "date": "2006-07-20T18:52:00",
            "db": "BID",
            "id": "19071"
          },
          {
            "date": "2005-10-18T00:00:00",
            "db": "BID",
            "id": "15131"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-002836"
          },
          {
            "date": "2018-10-17T21:29:06.937000",
            "db": "NVD",
            "id": "CVE-2006-3733"
          },
          {
            "date": "2006-08-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200607-343"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "19075"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Snort Back Orifice preprocessor buffer overflow",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Access Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "19075"
          },
          {
            "db": "BID",
            "id": "19071"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200607-0506

    Vulnerability from variot - Updated: 2023-12-18 11:07

    Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root. A buffer overflow exists in the Snort Back Orifice preprocessor that may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. This may facilitate a remote compromise of affected computers. Cisco has released version 4.2.1 to address these issues; prior versions are reported vulnerable. Snort is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the Back Orifice preprocessor. This may facilitate unauthorized access or privilege escalation. Due to the nature of this issue, attackers may exploit it by sending a single UDP packet with a potentially spoofed source address to an arbitrary destination address and port. As long as the application can sniff the packet, it may be exploited. These aspects of this issue may aid attackers in bypassing firewalls in order to compromise a wider number of computers. Reportedly, this issue is difficult to reliably exploit across differing operating systems and compiler versions. Failed exploit attempts likely result in crashing the application, thereby disabling detection of other attacks. Snort versions 2.4.0 through 2.4.2 are affected by this issue. Other versions may also be affected, but this has not been confirmed. The CS-MARS CLI is a restricted shell environment that allows authenticated administrators to perform system maintenance tasks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                     National Cyber Alert System
    
               Technical Cyber Security Alert TA05-291A
    

    Snort Back Orifice Preprocessor Buffer Overflow

    Original release date: October 18, 2005 Last revised: -- Source: US-CERT

    Systems Affected

     * Snort versions 2.4.0 to 2.4.2
     * Sourcefire Intrusion Sensors
    

    Other products that use Snort or Snort components may be affected.

    I. Description

    Snort is a widely-deployed, open-source network intrusion detection system (IDS). Snort and its components are used in other IDS products, notably Sourcefire Intrusion Sensors, and Snort is included with a number of operating system distributions.

    Snort preprocessors are modular plugins that extend functionality by operating on packets before the detection engine is run. The ping detection code does not adequately limit the amount of data that is read from the packet into a fixed-length buffer, thus creating the potential for a buffer overflow.

    The vulnerable code will process any UDP packet that is not destined to or sourced from the default Back Orifice port (31337/udp). An attacker could exploit this vulnerability by sending a specially crafted UDP packet to a host or network monitored by Snort.

    US-CERT is tracking this vulnerability as VU#175500. Further information is available in an advisory from Internet Security Systems (ISS).

    II. Snort typically runs with root or SYSTEM privileges, so an attacker could take complete control of a vulnerable system. An attacker does not need to target a Snort sensor directly; the attacker can target any host or network monitored by Snort.

    III. Solution

    Upgrade

    Sourcefire has released Snort 2.4.3 which is available from the Snort download site. For information about other vendors, please see the Systems Affected section of VU#175500.

    Disable Back Orifice Preprocessor

    To disable the Back Orifice preprocessor, comment out the line that loads the preprocessor in the Snort configuration file (typically /etc/snort.conf on UNIX and Linux systems):

     [/etc/snort.conf]
     ... 
     #preprocessor bo
     ...
    

    Restart Snort for the change to take effect.

    Restrict Outbound Traffic

    Consider preventing Snort sensors from initiating outbound connections and restricting outbound traffic to only those hosts and networks that have legitimate requirements to communicate with the sensors. While this will not prevent exploitation of the vulnerability, it may make it more difficult for an attacker to access a compromised system or reconnoiter other systems.

    Appendix A. References

     * US-CERT Vulnerability Note VU#175500 -
       <http://www.kb.cert.org/vuls/id/177500>
    
     * Fixes and Mitigation Instructions Available for Snort Back
       Orifice Vulnerability -
       <http://www.snort.org/pub-bin/snortnews.cgi#99>
    
     * Snort downloads - <http://www.snort.org/dl/>
    
     * Snort 2.4.3 Changelog -
       <http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt>
    
     * Preprocessors -
       <http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/
       node11.html#SECTION00310000000000000000>
    
     * Snort Back Orifice Parsing Remote Code Execution -
       <http://xforce.iss.net/xforce/alerts/id/207>
    

    This vulnerability was researched and reported by Internet Security Systems (ISS).


    The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA05-291A.html>
    

    Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA05-291A Feedback VU#175500" in the subject.


    For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.


    Produced 2005 by US-CERT, a government organization.

    Terms of use:

     <http://www.us-cert.gov/legal.html>
    

    Revision History

    Oct 18, 2005: Initial release

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

    iQEVAwUBQ1VB130pj593lg50AQLY6wf+Kq/rI3wxG4rGr+OdVrpl3v+TfTMp6MX3 T0e99ybRSGKeWQCleMQYdBYrS+7UyCa28T1yE8ENe4SuYLPj7ttTqpd0AGxn7f8H +qOY0GnJwXvrWlKCfVtAhjo5JFDxgZQV9P/13MwjcsJrGTtHzhuJ8YZc4RtSMyVX 4nf2s4Nymjd2+jIEX9BnwRIe/E47TRdFLSsza36mhKZLZV1lxLdJYywCZSsQLWNM nL9gohRojR/6wQk8sLjef8LCv2JFu3btsqrrblcTWqfB6GhVR9OSUBhL+b8P/mme jVd9eE0OS5v8rzhaEMiYIMI+pEZEpATj4BnVoLwPkLAoD6ObGJKHkQ== =jjID -----END PGP SIGNATURE----- .


    Hardcore Disassembler / Reverse Engineer Wanted!

    Want to work with IDA and BinDiff? Want to write PoC's and Exploits?

    Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package.

    http://secunia.com/hardcore_disassembler_and_reverse_engineer/


    TITLE: CS-MARS Multiple Vulnerabilities

    SECUNIA ADVISORY ID: SA21118

    VERIFY ADVISORY: http://secunia.com/advisories/21118/

    CRITICAL: Moderately critical

    IMPACT: Security Bypass, Exposure of system information, System access

    WHERE:

    From local network

    OPERATING SYSTEM: Cisco Security Monitoring, Analysis and Response System (CS-MARS) 4.x http://secunia.com/product/6780/

    DESCRIPTION: Multiple vulnerabilities have been reported in CS-MARS, which can be exploited by malicious, local users to bypass certain security restrictions and malicious people to gain knowledge of system information and compromise a vulnerable system.

    2) The included JBoss web application server is also affected by an information disclosure weakness.

    CS-MARS also ships with an Oracle database containing several default Oracle accounts with well-known passwords.

    SOLUTION: Update to version 4.2.1 or later.

    PROVIDED AND/OR DISCOVERED BY: 1+2) Jon Hart 3) Reported by the vendor.

    ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml

    OTHER REFERENCES: SA15746: http://secunia.com/advisories/15746/


    About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    .

    The vulnerability is caused due to a boundary error in the handling of Back Orifice packets.

    Alternatively, disable the Back Orifice pre-processor

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200607-0506",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cs-mars",
            "scope": "eq",
            "trust": 2.2,
            "vendor": "cisco",
            "version": "4.1.5"
          },
          {
            "model": "cs-mars",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "cs-mars",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "4.1.3"
          },
          {
            "model": "cs-mars",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "cisco",
            "version": "4.1.2"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nortel",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "snort",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sourcefire",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": "security monitoring, analysis and response system",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "cisco",
            "version": "4.2.1"
          },
          {
            "model": "networks contivity vpn switch",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nortel",
            "version": "20004.1.3"
          },
          {
            "model": "networks contivity vpn switch",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nortel",
            "version": "20004.1.2"
          },
          {
            "model": "networks contivity vpn switch",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nortel",
            "version": "20004.1"
          },
          {
            "model": "cs-mars",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "4.2.1"
          },
          {
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.4.2"
          },
          {
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.4.1"
          },
          {
            "model": "project snort",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.4.0"
          },
          {
            "model": "networks threat protection system intrusion sensor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.1"
          },
          {
            "model": "networks threat protection system defense center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "4.1"
          },
          {
            "model": "project snort",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "snort",
            "version": "2.4.3"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "BID",
            "id": "19077"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002837"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3734"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-291"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:cs-mars:4.1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:cs-mars:4.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:cs-mars:4.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:cs-mars:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3734"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "These issues were disclosed by the vendor.",
        "sources": [
          {
            "db": "BID",
            "id": "19077"
          },
          {
            "db": "BID",
            "id": "19071"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-3734",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": true,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2006-3734",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-19842",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-3734",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#175500",
                "trust": 0.8,
                "value": "31.05"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200607-291",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-19842",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-19842"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002837"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3734"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-291"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root. A buffer overflow exists in the Snort Back Orifice preprocessor that may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. This may facilitate a remote compromise of affected computers. \nCisco has released version 4.2.1 to address these issues; prior versions are reported vulnerable. Snort is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the Back Orifice preprocessor. This may facilitate unauthorized access or privilege escalation. \nDue to the nature of this issue, attackers may exploit it by sending a single UDP packet with a potentially spoofed source address to an arbitrary destination address and port. As long as the application can sniff the packet, it may be exploited. These aspects of this issue may aid attackers in bypassing firewalls in order to compromise a wider number of computers. \nReportedly, this issue is difficult to reliably exploit across differing operating systems and compiler versions. Failed exploit attempts likely result in crashing the application, thereby disabling detection of other attacks. \nSnort versions 2.4.0 through 2.4.2 are affected by this issue. Other versions may also be affected, but this has not been confirmed. The CS-MARS CLI is a restricted shell environment that allows authenticated administrators to perform system maintenance tasks. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                     National Cyber Alert System\n\n               Technical Cyber Security Alert TA05-291A\n\n\nSnort Back Orifice Preprocessor Buffer Overflow\n\n   Original release date: October 18, 2005\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Snort versions 2.4.0 to 2.4.2\n     * Sourcefire Intrusion Sensors\n\n   Other products that use Snort or Snort components may be affected. \n\n\nI. Description\n\n   Snort is a widely-deployed, open-source network intrusion detection\n   system (IDS). Snort and its components are used in other IDS\n   products, notably Sourcefire Intrusion Sensors, and Snort is\n   included with a number of operating system distributions. \n\n   Snort preprocessors are modular plugins that extend functionality\n   by operating on packets before the detection engine is run. The ping detection code does\n   not adequately limit the amount of data that is read from the\n   packet into a fixed-length buffer, thus creating the potential for\n   a buffer overflow. \n\n   The vulnerable code will process any UDP packet that is not\n   destined to or sourced from the default Back Orifice port\n   (31337/udp). An attacker could exploit this vulnerability by\n   sending a specially crafted UDP packet to a host or network\n   monitored by Snort. \n\n   US-CERT is tracking this vulnerability as VU#175500. Further\n   information is available in an advisory from Internet Security\n   Systems (ISS). \n\n\nII. Snort typically runs with root or\n   SYSTEM privileges, so an attacker could take complete control of a\n   vulnerable system. An attacker does not need to target a Snort\n   sensor directly; the attacker can target any host or network\n   monitored by Snort. \n\n\nIII. Solution\n\nUpgrade\n\n   Sourcefire has released Snort 2.4.3 which is available from the\n   Snort download site. For information about other vendors, please\n   see the Systems Affected section of VU#175500. \n\nDisable Back Orifice Preprocessor\n\n   To disable the Back Orifice preprocessor, comment out the line that\n   loads the preprocessor in the Snort configuration file (typically\n   /etc/snort.conf on UNIX and Linux systems):\n\n     [/etc/snort.conf]\n     ... \n     #preprocessor bo\n     ... \n   \n   Restart Snort for the change to take effect. \n\nRestrict Outbound Traffic\n\n   Consider preventing Snort sensors from initiating outbound\n   connections and restricting outbound traffic to only those hosts\n   and networks that have legitimate requirements to communicate with\n   the sensors. While this will not prevent exploitation of the\n   vulnerability, it may make it more difficult for an attacker to\n   access a compromised system or reconnoiter other systems. \n\n\nAppendix A. References\n\n     * US-CERT Vulnerability Note VU#175500 -\n       \u003chttp://www.kb.cert.org/vuls/id/177500\u003e\n\n     * Fixes and Mitigation Instructions Available for Snort Back\n       Orifice Vulnerability -\n       \u003chttp://www.snort.org/pub-bin/snortnews.cgi#99\u003e\n\n     * Snort downloads - \u003chttp://www.snort.org/dl/\u003e\n\n     * Snort 2.4.3 Changelog -\n       \u003chttp://www.snort.org/docs/change_logs/2.4.3/Changelog.txt\u003e\n\n     * Preprocessors -\n       \u003chttp://www.snort.org/docs/snort_htmanuals/htmanual_2.4/\n       node11.html#SECTION00310000000000000000\u003e\n\n     * Snort Back Orifice Parsing Remote Code Execution -\n       \u003chttp://xforce.iss.net/xforce/alerts/id/207\u003e\n\n\n ____________________________________________________________________\n\n   This vulnerability was researched and reported by Internet Security\n   Systems (ISS). \n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA05-291A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA05-291A Feedback VU#175500\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2005 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n   Oct 18, 2005: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBQ1VB130pj593lg50AQLY6wf+Kq/rI3wxG4rGr+OdVrpl3v+TfTMp6MX3\nT0e99ybRSGKeWQCleMQYdBYrS+7UyCa28T1yE8ENe4SuYLPj7ttTqpd0AGxn7f8H\n+qOY0GnJwXvrWlKCfVtAhjo5JFDxgZQV9P/13MwjcsJrGTtHzhuJ8YZc4RtSMyVX\n4nf2s4Nymjd2+jIEX9BnwRIe/E47TRdFLSsza36mhKZLZV1lxLdJYywCZSsQLWNM\nnL9gohRojR/6wQk8sLjef8LCv2JFu3btsqrrblcTWqfB6GhVR9OSUBhL+b8P/mme\njVd9eE0OS5v8rzhaEMiYIMI+pEZEpATj4BnVoLwPkLAoD6ObGJKHkQ==\n=jjID\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. \n\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nCS-MARS Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA21118\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21118/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass, Exposure of system information, System access\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nCisco Security Monitoring, Analysis and Response System (CS-MARS) 4.x\nhttp://secunia.com/product/6780/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in CS-MARS, which can be\nexploited by malicious, local users to bypass certain security\nrestrictions and malicious people to gain knowledge of system\ninformation and compromise a vulnerable system. \n\n2) The included JBoss web application server is also affected by an\ninformation disclosure weakness. \n\nCS-MARS also ships with an Oracle database containing several default\nOracle accounts with well-known passwords. \n\nSOLUTION:\nUpdate to version 4.2.1 or later. \n\nPROVIDED AND/OR DISCOVERED BY:\n1+2) Jon Hart\n3) Reported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml\n\nOTHER REFERENCES:\nSA15746:\nhttp://secunia.com/advisories/15746/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nThe vulnerability is caused due to a boundary error in the handling\nof Back Orifice packets. \n\nAlternatively, disable the Back Orifice pre-processor",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3734"
          },
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002837"
          },
          {
            "db": "BID",
            "id": "19077"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          },
          {
            "db": "VULHUB",
            "id": "VHN-19842"
          },
          {
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "db": "PACKETSTORM",
            "id": "40766"
          }
        ],
        "trust": 3.51
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-19842",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-19842"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-3734",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "19071",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "19077",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "21118",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016537",
            "trust": 1.7
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-2887",
            "trust": 1.7
          },
          {
            "db": "CERT/CC",
            "id": "VU#175500",
            "trust": 1.2
          },
          {
            "db": "SECUNIA",
            "id": "17220",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002837",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-291",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "27812",
            "trust": 0.6
          },
          {
            "db": "CISCO",
            "id": "20060719 MULTIPLE VULNERABILITIES IN CISCO SECURITY MONITORING, ANALYSIS AND RESPONSE SYSTEM (CS-MARS)",
            "trust": 0.6
          },
          {
            "db": "USCERT",
            "id": "TA05-291A",
            "trust": 0.4
          },
          {
            "db": "BID",
            "id": "15131",
            "trust": 0.3
          },
          {
            "db": "EXPLOIT-DB",
            "id": "2048",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-63733",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-19842",
            "trust": 0.1
          },
          {
            "db": "CERT/CC",
            "id": "VU#177500",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "40869",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "48383",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "40766",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-19842"
          },
          {
            "db": "BID",
            "id": "19077"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002837"
          },
          {
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "db": "PACKETSTORM",
            "id": "40766"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3734"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-291"
          }
        ]
      },
      "id": "VAR-200607-0506",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-19842"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T11:07:54.504000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "cisco-sa-20060719-mars",
            "trust": 0.8,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20060719-mars"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002837"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3734"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/19071"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/19077"
          },
          {
            "trust": 1.7,
            "url": "http://securitytracker.com/id?1016537"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/21118"
          },
          {
            "trust": 1.2,
            "url": "http://xforce.iss.net/xforce/alerts/id/207"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2006/2887"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27812"
          },
          {
            "trust": 0.9,
            "url": "http://www.snort.org/pub-bin/snortnews.cgi#99"
          },
          {
            "trust": 0.9,
            "url": "http://secunia.com/advisories/17220/"
          },
          {
            "trust": 0.8,
            "url": "http://www.snort.org/docs/change_logs/2.4.3/changelog.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/node11.html#section00310000000000000000"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3734"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3734"
          },
          {
            "trust": 0.6,
            "url": "http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html"
          },
          {
            "trust": 0.6,
            "url": "http://www.cisco.com/en/us/products/ps6241/index.html"
          },
          {
            "trust": 0.6,
            "url": "/archive/1/440580"
          },
          {
            "trust": 0.6,
            "url": "http://www.frsirt.com/english/advisories/2006/2887"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/27812"
          },
          {
            "trust": 0.4,
            "url": "http://www.kb.cert.org/vuls/id/175500"
          },
          {
            "trust": 0.3,
            "url": "http://www.snort.org/rules/advisories/snort_update_20051018.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.snort.org/"
          },
          {
            "trust": 0.3,
            "url": "http://www.snort.org/pub-bin/snortnews.cgi"
          },
          {
            "trust": 0.3,
            "url": "http://www.us-cert.gov/cas/techalerts/ta05-291a.html"
          },
          {
            "trust": 0.3,
            "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=bltndetail\u0026documentoid=362187\u0026renditionid="
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://xforce.iss.net/xforce/alerts/id/207\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/"
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/cas/techalerts/ta05-291a.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/docs/change_logs/2.4.3/changelog.txt\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/dl/\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/cas/signup.html\u003e."
          },
          {
            "trust": 0.1,
            "url": "http://www.us-cert.gov/legal.html\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.snort.org/pub-bin/snortnews.cgi#99\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://www.kb.cert.org/vuls/id/177500\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/6780/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/15746/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/21118/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/5691/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-19842"
          },
          {
            "db": "BID",
            "id": "19077"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002837"
          },
          {
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "db": "PACKETSTORM",
            "id": "40766"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3734"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-291"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "db": "VULHUB",
            "id": "VHN-19842"
          },
          {
            "db": "BID",
            "id": "19077"
          },
          {
            "db": "BID",
            "id": "19071"
          },
          {
            "db": "BID",
            "id": "15131"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-002837"
          },
          {
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "db": "PACKETSTORM",
            "id": "40766"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3734"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-291"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2005-10-18T00:00:00",
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "date": "2006-07-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-19842"
          },
          {
            "date": "2006-07-19T00:00:00",
            "db": "BID",
            "id": "19077"
          },
          {
            "date": "2006-07-19T00:00:00",
            "db": "BID",
            "id": "19071"
          },
          {
            "date": "2005-10-18T00:00:00",
            "db": "BID",
            "id": "15131"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-002837"
          },
          {
            "date": "2005-10-24T23:41:37",
            "db": "PACKETSTORM",
            "id": "40869"
          },
          {
            "date": "2006-07-20T08:48:26",
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "date": "2005-10-18T22:10:31",
            "db": "PACKETSTORM",
            "id": "40766"
          },
          {
            "date": "2006-07-21T14:03:00",
            "db": "NVD",
            "id": "CVE-2006-3734"
          },
          {
            "date": "2006-07-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200607-291"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2005-11-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#175500"
          },
          {
            "date": "2017-07-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-19842"
          },
          {
            "date": "2006-07-20T18:27:00",
            "db": "BID",
            "id": "19077"
          },
          {
            "date": "2006-07-20T18:52:00",
            "db": "BID",
            "id": "19071"
          },
          {
            "date": "2005-10-18T00:00:00",
            "db": "BID",
            "id": "15131"
          },
          {
            "date": "2012-12-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-002837"
          },
          {
            "date": "2017-07-20T01:32:32.210000",
            "db": "NVD",
            "id": "CVE-2006-3734"
          },
          {
            "date": "2006-08-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200607-291"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "19077"
          },
          {
            "db": "PACKETSTORM",
            "id": "48383"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-291"
          }
        ],
        "trust": 1.0
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Snort Back Orifice preprocessor buffer overflow",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#175500"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Design Error",
        "sources": [
          {
            "db": "BID",
            "id": "19077"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200607-291"
          }
        ],
        "trust": 0.9
      }
    }

    CVE-2010-2306 (GCVE-0-2010-2306)

    Vulnerability from nvd – Published: 2010-06-16 20:00 – Updated: 2024-08-07 02:32
    VLAI
    Summary
    The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2010-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:32:15.528Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "65470",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/65470"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.sourcefire.com/notices/notice/1437"
              },
              {
                "name": "40143",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/40143"
              },
              {
                "name": "1024092",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024092"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-107/"
              },
              {
                "name": "ADV-2010-1438",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/1438"
              },
              {
                "name": "20100610 ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/511792/100/0/threaded"
              },
              {
                "name": "sourcefire3d-ssl-mitm(59380)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "65470",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/65470"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.sourcefire.com/notices/notice/1437"
            },
            {
              "name": "40143",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/40143"
            },
            {
              "name": "1024092",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024092"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-107/"
            },
            {
              "name": "ADV-2010-1438",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1438"
            },
            {
              "name": "20100610 ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/511792/100/0/threaded"
            },
            {
              "name": "sourcefire3d-ssl-mitm(59380)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59380"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2306",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "65470",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/65470"
                },
                {
                  "name": "https://support.sourcefire.com/notices/notice/1437",
                  "refsource": "MISC",
                  "url": "https://support.sourcefire.com/notices/notice/1437"
                },
                {
                  "name": "40143",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/40143"
                },
                {
                  "name": "1024092",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1024092"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-107/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-107/"
                },
                {
                  "name": "ADV-2010-1438",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/1438"
                },
                {
                  "name": "20100610 ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/511792/100/0/threaded"
                },
                {
                  "name": "sourcefire3d-ssl-mitm(59380)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59380"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2306",
        "datePublished": "2010-06-16T20:00:00.000Z",
        "dateReserved": "2010-06-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:32:15.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2344 (GCVE-0-2009-2344)

    Vulnerability from nvd – Published: 2009-07-07 19:00 – Updated: 2024-08-07 05:44
    VLAI
    Summary
    The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/35658 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1022500 vdb-entryx_refsource_SECTRACK
    http://www.exploit-db.com/exploits/9074 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/archive/1/504694/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2009/1785 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/35553 vdb-entryx_refsource_BID
    Date Public
    2009-07-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:44:55.955Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "35658",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35658"
              },
              {
                "name": "1022500",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022500"
              },
              {
                "name": "9074",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/9074"
              },
              {
                "name": "20090701 Sourcefire 3D Sensor and DC, privilege escalation vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/504694/100/0/threaded"
              },
              {
                "name": "ADV-2009-1785",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1785"
              },
              {
                "name": "35553",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35553"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-07-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "35658",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35658"
            },
            {
              "name": "1022500",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022500"
            },
            {
              "name": "9074",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/9074"
            },
            {
              "name": "20090701 Sourcefire 3D Sensor and DC, privilege escalation vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/504694/100/0/threaded"
            },
            {
              "name": "ADV-2009-1785",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1785"
            },
            {
              "name": "35553",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35553"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2344",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "35658",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35658"
                },
                {
                  "name": "1022500",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022500"
                },
                {
                  "name": "9074",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/9074"
                },
                {
                  "name": "20090701 Sourcefire 3D Sensor and DC, privilege escalation vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/504694/100/0/threaded"
                },
                {
                  "name": "ADV-2009-1785",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1785"
                },
                {
                  "name": "35553",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35553"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2344",
        "datePublished": "2009-07-07T19:00:00.000Z",
        "dateReserved": "2009-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:44:55.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5276 (GCVE-0-2006-5276)

    Vulnerability from nvd – Published: 2007-02-20 00:00 – Updated: 2024-08-07 19:48
    VLAI
    Summary
    Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.us-cert.gov/cas/techalerts/TA07-050A.html third-party-advisoryx_refsource_CERT
    http://www.kb.cert.org/vuls/id/196240 third-party-advisoryx_refsource_CERT-VN
    http://www116.nortelnetworks.com/pub/repository/C… x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200703-01.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/26746 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/461810/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/24190 third-party-advisoryx_refsource_SECUNIA
    http://www.snort.org/docs/advisory-2007-02-19.html x_refsource_CONFIRM
    http://secunia.com/advisories/24239 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24272 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/0656 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://fedoranews.org/updates/FEDORA-2007-206.shtml vendor-advisoryx_refsource_FEDORA
    http://www.vupen.com/english/advisories/2007/0668 vdb-entryx_refsource_VUPEN
    http://www.osvdb.org/32094 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/24235 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1017670 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/24240 third-party-advisoryx_refsource_SECUNIA
    http://iss.net/threats/257.html third-party-advisoryx_refsource_ISS
    http://www.securityfocus.com/bid/22616 vdb-entryx_refsource_BID
    http://www130.nortelnetworks.com/go/main.jsp?csca… x_refsource_CONFIRM
    https://www.exploit-db.com/exploits/3362 exploitx_refsource_EXPLOIT-DB
    https://bugzilla.redhat.com/show_bug.cgi?id=229265 x_refsource_MISC
    http://www.securitytracker.com/id?1017669 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:48:28.530Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "TA07-050A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA07-050A.html"
              },
              {
                "name": "VU#196240",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/196240"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf"
              },
              {
                "name": "GLSA-200703-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200703-01.xml"
              },
              {
                "name": "26746",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26746"
              },
              {
                "name": "20070303 ERRATA: [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/461810/100/0/threaded"
              },
              {
                "name": "24190",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24190"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.snort.org/docs/advisory-2007-02-19.html"
              },
              {
                "name": "24239",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24239"
              },
              {
                "name": "24272",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24272"
              },
              {
                "name": "ADV-2007-0656",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0656"
              },
              {
                "name": "smb-bo(31275)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31275"
              },
              {
                "name": "FEDORA-2007-2060",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://fedoranews.org/updates/FEDORA-2007-206.shtml"
              },
              {
                "name": "ADV-2007-0668",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0668"
              },
              {
                "name": "32094",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32094"
              },
              {
                "name": "24235",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24235"
              },
              {
                "name": "1017670",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017670"
              },
              {
                "name": "24240",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24240"
              },
              {
                "name": "20070219 Sourcefire Snort Remote Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_ISS",
                  "x_transferred"
                ],
                "url": "http://iss.net/threats/257.html"
              },
              {
                "name": "22616",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22616"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=540173"
              },
              {
                "name": "3362",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3362"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229265"
              },
              {
                "name": "1017669",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017669"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "TA07-050A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-050A.html"
            },
            {
              "name": "VU#196240",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/196240"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf"
            },
            {
              "name": "GLSA-200703-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200703-01.xml"
            },
            {
              "name": "26746",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26746"
            },
            {
              "name": "20070303 ERRATA: [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/461810/100/0/threaded"
            },
            {
              "name": "24190",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24190"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.snort.org/docs/advisory-2007-02-19.html"
            },
            {
              "name": "24239",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24239"
            },
            {
              "name": "24272",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24272"
            },
            {
              "name": "ADV-2007-0656",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0656"
            },
            {
              "name": "smb-bo(31275)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31275"
            },
            {
              "name": "FEDORA-2007-2060",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://fedoranews.org/updates/FEDORA-2007-206.shtml"
            },
            {
              "name": "ADV-2007-0668",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0668"
            },
            {
              "name": "32094",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32094"
            },
            {
              "name": "24235",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24235"
            },
            {
              "name": "1017670",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017670"
            },
            {
              "name": "24240",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24240"
            },
            {
              "name": "20070219 Sourcefire Snort Remote Buffer Overflow",
              "tags": [
                "third-party-advisory",
                "x_refsource_ISS"
              ],
              "url": "http://iss.net/threats/257.html"
            },
            {
              "name": "22616",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22616"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=540173"
            },
            {
              "name": "3362",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3362"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229265"
            },
            {
              "name": "1017669",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017669"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5276",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "TA07-050A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA07-050A.html"
                },
                {
                  "name": "VU#196240",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/196240"
                },
                {
                  "name": "http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf"
                },
                {
                  "name": "GLSA-200703-01",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200703-01.xml"
                },
                {
                  "name": "26746",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26746"
                },
                {
                  "name": "20070303 ERRATA: [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/461810/100/0/threaded"
                },
                {
                  "name": "24190",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24190"
                },
                {
                  "name": "http://www.snort.org/docs/advisory-2007-02-19.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.snort.org/docs/advisory-2007-02-19.html"
                },
                {
                  "name": "24239",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24239"
                },
                {
                  "name": "24272",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24272"
                },
                {
                  "name": "ADV-2007-0656",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0656"
                },
                {
                  "name": "smb-bo(31275)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31275"
                },
                {
                  "name": "FEDORA-2007-2060",
                  "refsource": "FEDORA",
                  "url": "http://fedoranews.org/updates/FEDORA-2007-206.shtml"
                },
                {
                  "name": "ADV-2007-0668",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0668"
                },
                {
                  "name": "32094",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32094"
                },
                {
                  "name": "24235",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24235"
                },
                {
                  "name": "1017670",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017670"
                },
                {
                  "name": "24240",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24240"
                },
                {
                  "name": "20070219 Sourcefire Snort Remote Buffer Overflow",
                  "refsource": "ISS",
                  "url": "http://iss.net/threats/257.html"
                },
                {
                  "name": "22616",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22616"
                },
                {
                  "name": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=540173",
                  "refsource": "CONFIRM",
                  "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=540173"
                },
                {
                  "name": "3362",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3362"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=229265",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229265"
                },
                {
                  "name": "1017669",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017669"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5276",
        "datePublished": "2007-02-20T00:00:00.000Z",
        "dateReserved": "2006-10-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:48:28.530Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-2769 (GCVE-0-2006-2769)

    Vulnerability from nvd – Published: 2006-06-02 10:00 – Updated: 2024-08-07 17:58
    VLAI
    Summary
    The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/435872/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/435734/100… mailing-listx_refsource_BUGTRAQ
    http://www.demarc.com/support/downloads/patch_20060531 x_refsource_MISC
    http://secunia.com/advisories/20766 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/18200 vdb-entryx_refsource_BID
    http://secunia.com/advisories/20413 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/435600/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2006/2119 vdb-entryx_refsource_VUPEN
    http://securityreason.com/securityalert/1018 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/25837 vdb-entryx_refsource_OSVDB
    http://lists.suse.com/archive/suse-security-annou… vendor-advisoryx_refsource_SUSE
    http://securitytracker.com/id?1016191 vdb-entryx_refsource_SECTRACK
    http://marc.info/?l=snort-devel&m=114909074311462&w=2 mailing-listx_refsource_MLIST
    http://www.snort.org/pub-bin/snortnews.cgi#431 x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/435797/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2006-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:58:52.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060603 Re: New Snort Bypass - Patch - Bypass of Patch",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/435872/100/0/threaded"
              },
              {
                "name": "20060602 New Snort Bypass - Patch - Bypass of Patch",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/435734/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.demarc.com/support/downloads/patch_20060531"
              },
              {
                "name": "20766",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20766"
              },
              {
                "name": "18200",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18200"
              },
              {
                "name": "20413",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20413"
              },
              {
                "name": "20060601 Snort HTTP Inspect Pre-Processor Uricontent Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/435600/100/0/threaded"
              },
              {
                "name": "ADV-2006-2119",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2119"
              },
              {
                "name": "1018",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1018"
              },
              {
                "name": "snort-uricontent-rule-bypass(26855)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26855"
              },
              {
                "name": "25837",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/25837"
              },
              {
                "name": "SUSE-SR:2006:014",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
              },
              {
                "name": "1016191",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016191"
              },
              {
                "name": "[Snort-devel] 20060531 Snort Uricontent Bypass Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=snort-devel\u0026m=114909074311462\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.snort.org/pub-bin/snortnews.cgi#431"
              },
              {
                "name": "20060602 Re: New Snort Bypass - Patch - Bypass of Patch",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/435797/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass \"uricontent\" rules via a carriage return (\\r) after the URL and before the HTTP declaration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060603 Re: New Snort Bypass - Patch - Bypass of Patch",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/435872/100/0/threaded"
            },
            {
              "name": "20060602 New Snort Bypass - Patch - Bypass of Patch",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/435734/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.demarc.com/support/downloads/patch_20060531"
            },
            {
              "name": "20766",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20766"
            },
            {
              "name": "18200",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18200"
            },
            {
              "name": "20413",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20413"
            },
            {
              "name": "20060601 Snort HTTP Inspect Pre-Processor Uricontent Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/435600/100/0/threaded"
            },
            {
              "name": "ADV-2006-2119",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2119"
            },
            {
              "name": "1018",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1018"
            },
            {
              "name": "snort-uricontent-rule-bypass(26855)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26855"
            },
            {
              "name": "25837",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/25837"
            },
            {
              "name": "SUSE-SR:2006:014",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
            },
            {
              "name": "1016191",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016191"
            },
            {
              "name": "[Snort-devel] 20060531 Snort Uricontent Bypass Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=snort-devel\u0026m=114909074311462\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.snort.org/pub-bin/snortnews.cgi#431"
            },
            {
              "name": "20060602 Re: New Snort Bypass - Patch - Bypass of Patch",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/435797/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-2769",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass \"uricontent\" rules via a carriage return (\\r) after the URL and before the HTTP declaration."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060603 Re: New Snort Bypass - Patch - Bypass of Patch",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/435872/100/0/threaded"
                },
                {
                  "name": "20060602 New Snort Bypass - Patch - Bypass of Patch",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/435734/100/0/threaded"
                },
                {
                  "name": "http://www.demarc.com/support/downloads/patch_20060531",
                  "refsource": "MISC",
                  "url": "http://www.demarc.com/support/downloads/patch_20060531"
                },
                {
                  "name": "20766",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20766"
                },
                {
                  "name": "18200",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18200"
                },
                {
                  "name": "20413",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20413"
                },
                {
                  "name": "20060601 Snort HTTP Inspect Pre-Processor Uricontent Bypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/435600/100/0/threaded"
                },
                {
                  "name": "ADV-2006-2119",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2119"
                },
                {
                  "name": "1018",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1018"
                },
                {
                  "name": "snort-uricontent-rule-bypass(26855)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26855"
                },
                {
                  "name": "25837",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/25837"
                },
                {
                  "name": "SUSE-SR:2006:014",
                  "refsource": "SUSE",
                  "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
                },
                {
                  "name": "1016191",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016191"
                },
                {
                  "name": "[Snort-devel] 20060531 Snort Uricontent Bypass Vulnerability",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=snort-devel\u0026m=114909074311462\u0026w=2"
                },
                {
                  "name": "http://www.snort.org/pub-bin/snortnews.cgi#431",
                  "refsource": "CONFIRM",
                  "url": "http://www.snort.org/pub-bin/snortnews.cgi#431"
                },
                {
                  "name": "20060602 Re: New Snort Bypass - Patch - Bypass of Patch",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/435797/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-2769",
        "datePublished": "2006-06-02T10:00:00.000Z",
        "dateReserved": "2006-06-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:58:52.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0839 (GCVE-0-2006-0839)

    Vulnerability from nvd – Published: 2006-02-22 02:00 – Updated: 2024-08-07 16:48
    VLAI
    Summary
    The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/425290/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/16705 vdb-entryx_refsource_BID
    http://secunia.com/advisories/18959 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-02-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:48:56.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060217 SNORT Incorrect fragmented packet reassembly",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/425290/100/0/threaded"
              },
              {
                "name": "16705",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16705"
              },
              {
                "name": "18959",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18959"
              },
              {
                "name": "snort-frag3-detection-bypass(24811)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24811"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-02-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060217 SNORT Incorrect fragmented packet reassembly",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/425290/100/0/threaded"
            },
            {
              "name": "16705",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16705"
            },
            {
              "name": "18959",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18959"
            },
            {
              "name": "snort-frag3-detection-bypass(24811)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24811"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0839",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060217 SNORT Incorrect fragmented packet reassembly",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/425290/100/0/threaded"
                },
                {
                  "name": "16705",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16705"
                },
                {
                  "name": "18959",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18959"
                },
                {
                  "name": "snort-frag3-detection-bypass(24811)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24811"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0839",
        "datePublished": "2006-02-22T02:00:00.000Z",
        "dateReserved": "2006-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:48:56.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3252 (GCVE-0-2005-3252)

    Vulnerability from nvd – Published: 2005-10-18 04:00 – Updated: 2024-08-07 23:01
    VLAI
    Summary
    Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/175500 third-party-advisoryx_refsource_CERT-VN
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www130.nortelnetworks.com/cgi-bin/eserv/cs… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/15131 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2005/2138 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/17559 third-party-advisoryx_refsource_SECUNIA
    http://xforce.iss.net/xforce/alerts/id/207 third-party-advisoryx_refsource_ISS
    http://www.osvdb.org/20034 vdb-entryx_refsource_OSVDB
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www.snort.org/docs/change_logs/2.4.3/Chang… x_refsource_CONFIRM
    http://secunia.com/advisories/17220 third-party-advisoryx_refsource_SECUNIA
    http://www130.nortelnetworks.com/cgi-bin/eserv/cs… x_refsource_CONFIRM
    http://www.us-cert.gov/cas/techalerts/TA05-291A.html third-party-advisoryx_refsource_CERT
    http://securitytracker.com/id?1015070 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/17255 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-10-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:01:59.077Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#175500",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/175500"
              },
              {
                "name": "20051025 Snort\u0027s BO pre-processor exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0505.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=362187\u0026RenditionID="
              },
              {
                "name": "15131",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15131"
              },
              {
                "name": "ADV-2005-2138",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2138"
              },
              {
                "name": "17559",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17559"
              },
              {
                "name": "20051018 Snort Back Orifice Parsing Remote Code Execution",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_ISS",
                  "x_transferred"
                ],
                "url": "http://xforce.iss.net/xforce/alerts/id/207"
              },
              {
                "name": "20034",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/20034"
              },
              {
                "name": "20051101 Snort Back Orifice Preprocessor Exploit (Win32 targets)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0010.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt"
              },
              {
                "name": "17220",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17220"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=363396\u0026RenditionID="
              },
              {
                "name": "TA05-291A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA05-291A.html"
              },
              {
                "name": "1015070",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015070"
              },
              {
                "name": "17255",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17255"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-10-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-04T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#175500",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/175500"
            },
            {
              "name": "20051025 Snort\u0027s BO pre-processor exploit",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0505.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=362187\u0026RenditionID="
            },
            {
              "name": "15131",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15131"
            },
            {
              "name": "ADV-2005-2138",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2138"
            },
            {
              "name": "17559",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17559"
            },
            {
              "name": "20051018 Snort Back Orifice Parsing Remote Code Execution",
              "tags": [
                "third-party-advisory",
                "x_refsource_ISS"
              ],
              "url": "http://xforce.iss.net/xforce/alerts/id/207"
            },
            {
              "name": "20034",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/20034"
            },
            {
              "name": "20051101 Snort Back Orifice Preprocessor Exploit (Win32 targets)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0010.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt"
            },
            {
              "name": "17220",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17220"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=363396\u0026RenditionID="
            },
            {
              "name": "TA05-291A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA05-291A.html"
            },
            {
              "name": "1015070",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015070"
            },
            {
              "name": "17255",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17255"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3252",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#175500",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/175500"
                },
                {
                  "name": "20051025 Snort\u0027s BO pre-processor exploit",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0505.html"
                },
                {
                  "name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=362187\u0026RenditionID=",
                  "refsource": "CONFIRM",
                  "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=362187\u0026RenditionID="
                },
                {
                  "name": "15131",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15131"
                },
                {
                  "name": "ADV-2005-2138",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2138"
                },
                {
                  "name": "17559",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17559"
                },
                {
                  "name": "20051018 Snort Back Orifice Parsing Remote Code Execution",
                  "refsource": "ISS",
                  "url": "http://xforce.iss.net/xforce/alerts/id/207"
                },
                {
                  "name": "20034",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/20034"
                },
                {
                  "name": "20051101 Snort Back Orifice Preprocessor Exploit (Win32 targets)",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0010.html"
                },
                {
                  "name": "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt"
                },
                {
                  "name": "17220",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17220"
                },
                {
                  "name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=363396\u0026RenditionID=",
                  "refsource": "CONFIRM",
                  "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=363396\u0026RenditionID="
                },
                {
                  "name": "TA05-291A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA05-291A.html"
                },
                {
                  "name": "1015070",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015070"
                },
                {
                  "name": "17255",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17255"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3252",
        "datePublished": "2005-10-18T04:00:00.000Z",
        "dateReserved": "2005-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:01:59.077Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-2652 (GCVE-0-2004-2652)

    Vulnerability from nvd – Published: 2005-12-18 22:00 – Updated: 2024-08-08 01:36
    VLAI
    Summary
    The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2004-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:36:24.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1012656",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012656"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.frsirt.com/exploits/20041222.angelDust.c.php"
              },
              {
                "name": "snort-tcpip-printing-dos(18689)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18689"
              },
              {
                "name": "12084",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12084"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securiteam.com/exploits/6X00L20C0S.html"
              },
              {
                "name": "12578",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12578"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.snort.org/arc_news/"
              },
              {
                "name": "13664",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13664"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://taosecurity.blogspot.com/2004/12/details-on-snort-dos-condition-you-may.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1012656",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012656"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.frsirt.com/exploits/20041222.angelDust.c.php"
            },
            {
              "name": "snort-tcpip-printing-dos(18689)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18689"
            },
            {
              "name": "12084",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12084"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securiteam.com/exploits/6X00L20C0S.html"
            },
            {
              "name": "12578",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12578"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.snort.org/arc_news/"
            },
            {
              "name": "13664",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13664"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://taosecurity.blogspot.com/2004/12/details-on-snort-dos-condition-you-may.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-2652",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1012656",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012656"
                },
                {
                  "name": "http://www.frsirt.com/exploits/20041222.angelDust.c.php",
                  "refsource": "MISC",
                  "url": "http://www.frsirt.com/exploits/20041222.angelDust.c.php"
                },
                {
                  "name": "snort-tcpip-printing-dos(18689)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18689"
                },
                {
                  "name": "12084",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12084"
                },
                {
                  "name": "http://www.securiteam.com/exploits/6X00L20C0S.html",
                  "refsource": "MISC",
                  "url": "http://www.securiteam.com/exploits/6X00L20C0S.html"
                },
                {
                  "name": "12578",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12578"
                },
                {
                  "name": "http://www.snort.org/arc_news/",
                  "refsource": "CONFIRM",
                  "url": "http://www.snort.org/arc_news/"
                },
                {
                  "name": "13664",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13664"
                },
                {
                  "name": "http://taosecurity.blogspot.com/2004/12/details-on-snort-dos-condition-you-may.html",
                  "refsource": "MISC",
                  "url": "http://taosecurity.blogspot.com/2004/12/details-on-snort-dos-condition-you-may.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-2652",
        "datePublished": "2005-12-18T22:00:00.000Z",
        "dateReserved": "2005-12-18T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:36:24.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0209 (GCVE-0-2003-0209)

    Vulnerability from nvd – Published: 2003-04-16 04:00 – Updated: 2024-08-08 01:43
    VLAI
    Summary
    Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=105103586927007&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/7178 vdb-entryx_refsource_BID
    http://www.cert.org/advisories/CA-2003-13.html third-party-advisoryx_refsource_CERT
    http://marc.info/?l=bugtraq&m=105043563016235&w=2 mailing-listx_refsource_BUGTRAQ
    http://marc.info/?l=bugtraq&m=105172790914107&w=2 vendor-advisoryx_refsource_ENGARDE
    http://www.kb.cert.org/vuls/id/139129 third-party-advisoryx_refsource_CERT-VN
    http://www.debian.org/security/2003/dsa-297 vendor-advisoryx_refsource_DEBIAN
    http://marc.info/?l=bugtraq&m=105111217731583&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://www.coresecurity.com/common/showdoc.php?id… x_refsource_MISC
    http://marc.info/?l=bugtraq&m=105154530427824&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2003-04-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:43:36.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20030422 GLSA:  snort (200304-05)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=105103586927007\u0026w=2"
              },
              {
                "name": "7178",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/7178"
              },
              {
                "name": "CA-2003-13",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.cert.org/advisories/CA-2003-13.html"
              },
              {
                "name": "20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=105043563016235\u0026w=2"
              },
              {
                "name": "ESA-20030430-013",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ENGARDE",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=105172790914107\u0026w=2"
              },
              {
                "name": "VU#139129",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/139129"
              },
              {
                "name": "DSA-297",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2003/dsa-297"
              },
              {
                "name": "20030423 Snort \u003c=1.9.1 exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=105111217731583\u0026w=2"
              },
              {
                "name": "MDKSA-2003:052",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:052"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.coresecurity.com/common/showdoc.php?idx=313\u0026idxseccion=10"
              },
              {
                "name": "20030428 GLSA:  snort (200304-06)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=105154530427824\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-04-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-17T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20030422 GLSA:  snort (200304-05)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=105103586927007\u0026w=2"
            },
            {
              "name": "7178",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/7178"
            },
            {
              "name": "CA-2003-13",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.cert.org/advisories/CA-2003-13.html"
            },
            {
              "name": "20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=105043563016235\u0026w=2"
            },
            {
              "name": "ESA-20030430-013",
              "tags": [
                "vendor-advisory",
                "x_refsource_ENGARDE"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=105172790914107\u0026w=2"
            },
            {
              "name": "VU#139129",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/139129"
            },
            {
              "name": "DSA-297",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2003/dsa-297"
            },
            {
              "name": "20030423 Snort \u003c=1.9.1 exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=105111217731583\u0026w=2"
            },
            {
              "name": "MDKSA-2003:052",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:052"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.coresecurity.com/common/showdoc.php?idx=313\u0026idxseccion=10"
            },
            {
              "name": "20030428 GLSA:  snort (200304-06)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=105154530427824\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0209",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20030422 GLSA:  snort (200304-05)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=105103586927007\u0026w=2"
                },
                {
                  "name": "7178",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/7178"
                },
                {
                  "name": "CA-2003-13",
                  "refsource": "CERT",
                  "url": "http://www.cert.org/advisories/CA-2003-13.html"
                },
                {
                  "name": "20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=105043563016235\u0026w=2"
                },
                {
                  "name": "ESA-20030430-013",
                  "refsource": "ENGARDE",
                  "url": "http://marc.info/?l=bugtraq\u0026m=105172790914107\u0026w=2"
                },
                {
                  "name": "VU#139129",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/139129"
                },
                {
                  "name": "DSA-297",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2003/dsa-297"
                },
                {
                  "name": "20030423 Snort \u003c=1.9.1 exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=105111217731583\u0026w=2"
                },
                {
                  "name": "MDKSA-2003:052",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:052"
                },
                {
                  "name": "http://www.coresecurity.com/common/showdoc.php?idx=313\u0026idxseccion=10",
                  "refsource": "MISC",
                  "url": "http://www.coresecurity.com/common/showdoc.php?idx=313\u0026idxseccion=10"
                },
                {
                  "name": "20030428 GLSA:  snort (200304-06)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=105154530427824\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0209",
        "datePublished": "2003-04-16T04:00:00.000Z",
        "dateReserved": "2003-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:43:36.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2306 (GCVE-0-2010-2306)

    Vulnerability from cvelistv5 – Published: 2010-06-16 20:00 – Updated: 2024-08-07 02:32
    VLAI
    Summary
    The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2010-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:32:15.528Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "65470",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/65470"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.sourcefire.com/notices/notice/1437"
              },
              {
                "name": "40143",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/40143"
              },
              {
                "name": "1024092",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024092"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-107/"
              },
              {
                "name": "ADV-2010-1438",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/1438"
              },
              {
                "name": "20100610 ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/511792/100/0/threaded"
              },
              {
                "name": "sourcefire3d-ssl-mitm(59380)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59380"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "65470",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/65470"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.sourcefire.com/notices/notice/1437"
            },
            {
              "name": "40143",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/40143"
            },
            {
              "name": "1024092",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024092"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-107/"
            },
            {
              "name": "ADV-2010-1438",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1438"
            },
            {
              "name": "20100610 ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/511792/100/0/threaded"
            },
            {
              "name": "sourcefire3d-ssl-mitm(59380)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59380"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-2306",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "65470",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/65470"
                },
                {
                  "name": "https://support.sourcefire.com/notices/notice/1437",
                  "refsource": "MISC",
                  "url": "https://support.sourcefire.com/notices/notice/1437"
                },
                {
                  "name": "40143",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/40143"
                },
                {
                  "name": "1024092",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1024092"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-107/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-107/"
                },
                {
                  "name": "ADV-2010-1438",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/1438"
                },
                {
                  "name": "20100610 ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/511792/100/0/threaded"
                },
                {
                  "name": "sourcefire3d-ssl-mitm(59380)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59380"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-2306",
        "datePublished": "2010-06-16T20:00:00.000Z",
        "dateReserved": "2010-06-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:32:15.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2344 (GCVE-0-2009-2344)

    Vulnerability from cvelistv5 – Published: 2009-07-07 19:00 – Updated: 2024-08-07 05:44
    VLAI
    Summary
    The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/35658 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1022500 vdb-entryx_refsource_SECTRACK
    http://www.exploit-db.com/exploits/9074 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/archive/1/504694/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2009/1785 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/35553 vdb-entryx_refsource_BID
    Date Public
    2009-07-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:44:55.955Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "35658",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35658"
              },
              {
                "name": "1022500",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022500"
              },
              {
                "name": "9074",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/9074"
              },
              {
                "name": "20090701 Sourcefire 3D Sensor and DC, privilege escalation vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/504694/100/0/threaded"
              },
              {
                "name": "ADV-2009-1785",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1785"
              },
              {
                "name": "35553",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35553"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-07-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "35658",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35658"
            },
            {
              "name": "1022500",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022500"
            },
            {
              "name": "9074",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/9074"
            },
            {
              "name": "20090701 Sourcefire 3D Sensor and DC, privilege escalation vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/504694/100/0/threaded"
            },
            {
              "name": "ADV-2009-1785",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1785"
            },
            {
              "name": "35553",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35553"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2344",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "35658",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35658"
                },
                {
                  "name": "1022500",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022500"
                },
                {
                  "name": "9074",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/9074"
                },
                {
                  "name": "20090701 Sourcefire 3D Sensor and DC, privilege escalation vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/504694/100/0/threaded"
                },
                {
                  "name": "ADV-2009-1785",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1785"
                },
                {
                  "name": "35553",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35553"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2344",
        "datePublished": "2009-07-07T19:00:00.000Z",
        "dateReserved": "2009-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:44:55.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5276 (GCVE-0-2006-5276)

    Vulnerability from cvelistv5 – Published: 2007-02-20 00:00 – Updated: 2024-08-07 19:48
    VLAI
    Summary
    Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.us-cert.gov/cas/techalerts/TA07-050A.html third-party-advisoryx_refsource_CERT
    http://www.kb.cert.org/vuls/id/196240 third-party-advisoryx_refsource_CERT-VN
    http://www116.nortelnetworks.com/pub/repository/C… x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200703-01.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/26746 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/461810/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/24190 third-party-advisoryx_refsource_SECUNIA
    http://www.snort.org/docs/advisory-2007-02-19.html x_refsource_CONFIRM
    http://secunia.com/advisories/24239 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/24272 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/0656 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://fedoranews.org/updates/FEDORA-2007-206.shtml vendor-advisoryx_refsource_FEDORA
    http://www.vupen.com/english/advisories/2007/0668 vdb-entryx_refsource_VUPEN
    http://www.osvdb.org/32094 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/24235 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1017670 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/24240 third-party-advisoryx_refsource_SECUNIA
    http://iss.net/threats/257.html third-party-advisoryx_refsource_ISS
    http://www.securityfocus.com/bid/22616 vdb-entryx_refsource_BID
    http://www130.nortelnetworks.com/go/main.jsp?csca… x_refsource_CONFIRM
    https://www.exploit-db.com/exploits/3362 exploitx_refsource_EXPLOIT-DB
    https://bugzilla.redhat.com/show_bug.cgi?id=229265 x_refsource_MISC
    http://www.securitytracker.com/id?1017669 vdb-entryx_refsource_SECTRACK
    Date Public
    2007-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:48:28.530Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "TA07-050A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA07-050A.html"
              },
              {
                "name": "VU#196240",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/196240"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf"
              },
              {
                "name": "GLSA-200703-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200703-01.xml"
              },
              {
                "name": "26746",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26746"
              },
              {
                "name": "20070303 ERRATA: [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/461810/100/0/threaded"
              },
              {
                "name": "24190",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24190"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.snort.org/docs/advisory-2007-02-19.html"
              },
              {
                "name": "24239",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24239"
              },
              {
                "name": "24272",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24272"
              },
              {
                "name": "ADV-2007-0656",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0656"
              },
              {
                "name": "smb-bo(31275)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31275"
              },
              {
                "name": "FEDORA-2007-2060",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://fedoranews.org/updates/FEDORA-2007-206.shtml"
              },
              {
                "name": "ADV-2007-0668",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0668"
              },
              {
                "name": "32094",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32094"
              },
              {
                "name": "24235",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24235"
              },
              {
                "name": "1017670",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017670"
              },
              {
                "name": "24240",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24240"
              },
              {
                "name": "20070219 Sourcefire Snort Remote Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_ISS",
                  "x_transferred"
                ],
                "url": "http://iss.net/threats/257.html"
              },
              {
                "name": "22616",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22616"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=540173"
              },
              {
                "name": "3362",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/3362"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229265"
              },
              {
                "name": "1017669",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017669"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "TA07-050A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-050A.html"
            },
            {
              "name": "VU#196240",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/196240"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf"
            },
            {
              "name": "GLSA-200703-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200703-01.xml"
            },
            {
              "name": "26746",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26746"
            },
            {
              "name": "20070303 ERRATA: [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/461810/100/0/threaded"
            },
            {
              "name": "24190",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24190"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.snort.org/docs/advisory-2007-02-19.html"
            },
            {
              "name": "24239",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24239"
            },
            {
              "name": "24272",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24272"
            },
            {
              "name": "ADV-2007-0656",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0656"
            },
            {
              "name": "smb-bo(31275)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31275"
            },
            {
              "name": "FEDORA-2007-2060",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://fedoranews.org/updates/FEDORA-2007-206.shtml"
            },
            {
              "name": "ADV-2007-0668",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0668"
            },
            {
              "name": "32094",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32094"
            },
            {
              "name": "24235",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24235"
            },
            {
              "name": "1017670",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017670"
            },
            {
              "name": "24240",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24240"
            },
            {
              "name": "20070219 Sourcefire Snort Remote Buffer Overflow",
              "tags": [
                "third-party-advisory",
                "x_refsource_ISS"
              ],
              "url": "http://iss.net/threats/257.html"
            },
            {
              "name": "22616",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22616"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=540173"
            },
            {
              "name": "3362",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/3362"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229265"
            },
            {
              "name": "1017669",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017669"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5276",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "TA07-050A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA07-050A.html"
                },
                {
                  "name": "VU#196240",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/196240"
                },
                {
                  "name": "http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf"
                },
                {
                  "name": "GLSA-200703-01",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200703-01.xml"
                },
                {
                  "name": "26746",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26746"
                },
                {
                  "name": "20070303 ERRATA: [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/461810/100/0/threaded"
                },
                {
                  "name": "24190",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24190"
                },
                {
                  "name": "http://www.snort.org/docs/advisory-2007-02-19.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.snort.org/docs/advisory-2007-02-19.html"
                },
                {
                  "name": "24239",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24239"
                },
                {
                  "name": "24272",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24272"
                },
                {
                  "name": "ADV-2007-0656",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0656"
                },
                {
                  "name": "smb-bo(31275)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31275"
                },
                {
                  "name": "FEDORA-2007-2060",
                  "refsource": "FEDORA",
                  "url": "http://fedoranews.org/updates/FEDORA-2007-206.shtml"
                },
                {
                  "name": "ADV-2007-0668",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0668"
                },
                {
                  "name": "32094",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32094"
                },
                {
                  "name": "24235",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24235"
                },
                {
                  "name": "1017670",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017670"
                },
                {
                  "name": "24240",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24240"
                },
                {
                  "name": "20070219 Sourcefire Snort Remote Buffer Overflow",
                  "refsource": "ISS",
                  "url": "http://iss.net/threats/257.html"
                },
                {
                  "name": "22616",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22616"
                },
                {
                  "name": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=540173",
                  "refsource": "CONFIRM",
                  "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=540173"
                },
                {
                  "name": "3362",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/3362"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=229265",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229265"
                },
                {
                  "name": "1017669",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017669"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5276",
        "datePublished": "2007-02-20T00:00:00.000Z",
        "dateReserved": "2006-10-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:48:28.530Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-2769 (GCVE-0-2006-2769)

    Vulnerability from cvelistv5 – Published: 2006-06-02 10:00 – Updated: 2024-08-07 17:58
    VLAI
    Summary
    The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/435872/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/435734/100… mailing-listx_refsource_BUGTRAQ
    http://www.demarc.com/support/downloads/patch_20060531 x_refsource_MISC
    http://secunia.com/advisories/20766 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/18200 vdb-entryx_refsource_BID
    http://secunia.com/advisories/20413 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/435600/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2006/2119 vdb-entryx_refsource_VUPEN
    http://securityreason.com/securityalert/1018 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/25837 vdb-entryx_refsource_OSVDB
    http://lists.suse.com/archive/suse-security-annou… vendor-advisoryx_refsource_SUSE
    http://securitytracker.com/id?1016191 vdb-entryx_refsource_SECTRACK
    http://marc.info/?l=snort-devel&m=114909074311462&w=2 mailing-listx_refsource_MLIST
    http://www.snort.org/pub-bin/snortnews.cgi#431 x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/435797/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2006-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:58:52.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060603 Re: New Snort Bypass - Patch - Bypass of Patch",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/435872/100/0/threaded"
              },
              {
                "name": "20060602 New Snort Bypass - Patch - Bypass of Patch",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/435734/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.demarc.com/support/downloads/patch_20060531"
              },
              {
                "name": "20766",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20766"
              },
              {
                "name": "18200",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18200"
              },
              {
                "name": "20413",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20413"
              },
              {
                "name": "20060601 Snort HTTP Inspect Pre-Processor Uricontent Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/435600/100/0/threaded"
              },
              {
                "name": "ADV-2006-2119",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2119"
              },
              {
                "name": "1018",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1018"
              },
              {
                "name": "snort-uricontent-rule-bypass(26855)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26855"
              },
              {
                "name": "25837",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/25837"
              },
              {
                "name": "SUSE-SR:2006:014",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
              },
              {
                "name": "1016191",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016191"
              },
              {
                "name": "[Snort-devel] 20060531 Snort Uricontent Bypass Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=snort-devel\u0026m=114909074311462\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.snort.org/pub-bin/snortnews.cgi#431"
              },
              {
                "name": "20060602 Re: New Snort Bypass - Patch - Bypass of Patch",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/435797/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass \"uricontent\" rules via a carriage return (\\r) after the URL and before the HTTP declaration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060603 Re: New Snort Bypass - Patch - Bypass of Patch",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/435872/100/0/threaded"
            },
            {
              "name": "20060602 New Snort Bypass - Patch - Bypass of Patch",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/435734/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.demarc.com/support/downloads/patch_20060531"
            },
            {
              "name": "20766",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20766"
            },
            {
              "name": "18200",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18200"
            },
            {
              "name": "20413",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20413"
            },
            {
              "name": "20060601 Snort HTTP Inspect Pre-Processor Uricontent Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/435600/100/0/threaded"
            },
            {
              "name": "ADV-2006-2119",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2119"
            },
            {
              "name": "1018",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1018"
            },
            {
              "name": "snort-uricontent-rule-bypass(26855)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26855"
            },
            {
              "name": "25837",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/25837"
            },
            {
              "name": "SUSE-SR:2006:014",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
            },
            {
              "name": "1016191",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016191"
            },
            {
              "name": "[Snort-devel] 20060531 Snort Uricontent Bypass Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=snort-devel\u0026m=114909074311462\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.snort.org/pub-bin/snortnews.cgi#431"
            },
            {
              "name": "20060602 Re: New Snort Bypass - Patch - Bypass of Patch",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/435797/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-2769",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass \"uricontent\" rules via a carriage return (\\r) after the URL and before the HTTP declaration."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060603 Re: New Snort Bypass - Patch - Bypass of Patch",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/435872/100/0/threaded"
                },
                {
                  "name": "20060602 New Snort Bypass - Patch - Bypass of Patch",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/435734/100/0/threaded"
                },
                {
                  "name": "http://www.demarc.com/support/downloads/patch_20060531",
                  "refsource": "MISC",
                  "url": "http://www.demarc.com/support/downloads/patch_20060531"
                },
                {
                  "name": "20766",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20766"
                },
                {
                  "name": "18200",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18200"
                },
                {
                  "name": "20413",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20413"
                },
                {
                  "name": "20060601 Snort HTTP Inspect Pre-Processor Uricontent Bypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/435600/100/0/threaded"
                },
                {
                  "name": "ADV-2006-2119",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2119"
                },
                {
                  "name": "1018",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1018"
                },
                {
                  "name": "snort-uricontent-rule-bypass(26855)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26855"
                },
                {
                  "name": "25837",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/25837"
                },
                {
                  "name": "SUSE-SR:2006:014",
                  "refsource": "SUSE",
                  "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"
                },
                {
                  "name": "1016191",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016191"
                },
                {
                  "name": "[Snort-devel] 20060531 Snort Uricontent Bypass Vulnerability",
                  "refsource": "MLIST",
                  "url": "http://marc.info/?l=snort-devel\u0026m=114909074311462\u0026w=2"
                },
                {
                  "name": "http://www.snort.org/pub-bin/snortnews.cgi#431",
                  "refsource": "CONFIRM",
                  "url": "http://www.snort.org/pub-bin/snortnews.cgi#431"
                },
                {
                  "name": "20060602 Re: New Snort Bypass - Patch - Bypass of Patch",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/435797/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-2769",
        "datePublished": "2006-06-02T10:00:00.000Z",
        "dateReserved": "2006-06-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:58:52.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0839 (GCVE-0-2006-0839)

    Vulnerability from cvelistv5 – Published: 2006-02-22 02:00 – Updated: 2024-08-07 16:48
    VLAI
    Summary
    The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/425290/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/16705 vdb-entryx_refsource_BID
    http://secunia.com/advisories/18959 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-02-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:48:56.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060217 SNORT Incorrect fragmented packet reassembly",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/425290/100/0/threaded"
              },
              {
                "name": "16705",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16705"
              },
              {
                "name": "18959",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18959"
              },
              {
                "name": "snort-frag3-detection-bypass(24811)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24811"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-02-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060217 SNORT Incorrect fragmented packet reassembly",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/425290/100/0/threaded"
            },
            {
              "name": "16705",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16705"
            },
            {
              "name": "18959",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18959"
            },
            {
              "name": "snort-frag3-detection-bypass(24811)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24811"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0839",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060217 SNORT Incorrect fragmented packet reassembly",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/425290/100/0/threaded"
                },
                {
                  "name": "16705",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16705"
                },
                {
                  "name": "18959",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18959"
                },
                {
                  "name": "snort-frag3-detection-bypass(24811)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24811"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0839",
        "datePublished": "2006-02-22T02:00:00.000Z",
        "dateReserved": "2006-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:48:56.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-2652 (GCVE-0-2004-2652)

    Vulnerability from cvelistv5 – Published: 2005-12-18 22:00 – Updated: 2024-08-08 01:36
    VLAI
    Summary
    The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2004-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:36:24.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1012656",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1012656"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.frsirt.com/exploits/20041222.angelDust.c.php"
              },
              {
                "name": "snort-tcpip-printing-dos(18689)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18689"
              },
              {
                "name": "12084",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12084"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securiteam.com/exploits/6X00L20C0S.html"
              },
              {
                "name": "12578",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/12578"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.snort.org/arc_news/"
              },
              {
                "name": "13664",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13664"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://taosecurity.blogspot.com/2004/12/details-on-snort-dos-condition-you-may.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1012656",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1012656"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.frsirt.com/exploits/20041222.angelDust.c.php"
            },
            {
              "name": "snort-tcpip-printing-dos(18689)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18689"
            },
            {
              "name": "12084",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12084"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securiteam.com/exploits/6X00L20C0S.html"
            },
            {
              "name": "12578",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/12578"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.snort.org/arc_news/"
            },
            {
              "name": "13664",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13664"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://taosecurity.blogspot.com/2004/12/details-on-snort-dos-condition-you-may.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-2652",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1012656",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1012656"
                },
                {
                  "name": "http://www.frsirt.com/exploits/20041222.angelDust.c.php",
                  "refsource": "MISC",
                  "url": "http://www.frsirt.com/exploits/20041222.angelDust.c.php"
                },
                {
                  "name": "snort-tcpip-printing-dos(18689)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18689"
                },
                {
                  "name": "12084",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12084"
                },
                {
                  "name": "http://www.securiteam.com/exploits/6X00L20C0S.html",
                  "refsource": "MISC",
                  "url": "http://www.securiteam.com/exploits/6X00L20C0S.html"
                },
                {
                  "name": "12578",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/12578"
                },
                {
                  "name": "http://www.snort.org/arc_news/",
                  "refsource": "CONFIRM",
                  "url": "http://www.snort.org/arc_news/"
                },
                {
                  "name": "13664",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13664"
                },
                {
                  "name": "http://taosecurity.blogspot.com/2004/12/details-on-snort-dos-condition-you-may.html",
                  "refsource": "MISC",
                  "url": "http://taosecurity.blogspot.com/2004/12/details-on-snort-dos-condition-you-may.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-2652",
        "datePublished": "2005-12-18T22:00:00.000Z",
        "dateReserved": "2005-12-18T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:36:24.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3252 (GCVE-0-2005-3252)

    Vulnerability from cvelistv5 – Published: 2005-10-18 04:00 – Updated: 2024-08-07 23:01
    VLAI
    Summary
    Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/175500 third-party-advisoryx_refsource_CERT-VN
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www130.nortelnetworks.com/cgi-bin/eserv/cs… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/15131 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2005/2138 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/17559 third-party-advisoryx_refsource_SECUNIA
    http://xforce.iss.net/xforce/alerts/id/207 third-party-advisoryx_refsource_ISS
    http://www.osvdb.org/20034 vdb-entryx_refsource_OSVDB
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www.snort.org/docs/change_logs/2.4.3/Chang… x_refsource_CONFIRM
    http://secunia.com/advisories/17220 third-party-advisoryx_refsource_SECUNIA
    http://www130.nortelnetworks.com/cgi-bin/eserv/cs… x_refsource_CONFIRM
    http://www.us-cert.gov/cas/techalerts/TA05-291A.html third-party-advisoryx_refsource_CERT
    http://securitytracker.com/id?1015070 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/17255 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-10-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:01:59.077Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#175500",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/175500"
              },
              {
                "name": "20051025 Snort\u0027s BO pre-processor exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0505.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=362187\u0026RenditionID="
              },
              {
                "name": "15131",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15131"
              },
              {
                "name": "ADV-2005-2138",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2138"
              },
              {
                "name": "17559",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17559"
              },
              {
                "name": "20051018 Snort Back Orifice Parsing Remote Code Execution",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_ISS",
                  "x_transferred"
                ],
                "url": "http://xforce.iss.net/xforce/alerts/id/207"
              },
              {
                "name": "20034",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/20034"
              },
              {
                "name": "20051101 Snort Back Orifice Preprocessor Exploit (Win32 targets)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0010.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt"
              },
              {
                "name": "17220",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17220"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=363396\u0026RenditionID="
              },
              {
                "name": "TA05-291A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA05-291A.html"
              },
              {
                "name": "1015070",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015070"
              },
              {
                "name": "17255",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17255"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-10-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-04T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "VU#175500",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/175500"
            },
            {
              "name": "20051025 Snort\u0027s BO pre-processor exploit",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0505.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=362187\u0026RenditionID="
            },
            {
              "name": "15131",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15131"
            },
            {
              "name": "ADV-2005-2138",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2138"
            },
            {
              "name": "17559",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17559"
            },
            {
              "name": "20051018 Snort Back Orifice Parsing Remote Code Execution",
              "tags": [
                "third-party-advisory",
                "x_refsource_ISS"
              ],
              "url": "http://xforce.iss.net/xforce/alerts/id/207"
            },
            {
              "name": "20034",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/20034"
            },
            {
              "name": "20051101 Snort Back Orifice Preprocessor Exploit (Win32 targets)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0010.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt"
            },
            {
              "name": "17220",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17220"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=363396\u0026RenditionID="
            },
            {
              "name": "TA05-291A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA05-291A.html"
            },
            {
              "name": "1015070",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015070"
            },
            {
              "name": "17255",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17255"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3252",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#175500",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/175500"
                },
                {
                  "name": "20051025 Snort\u0027s BO pre-processor exploit",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0505.html"
                },
                {
                  "name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=362187\u0026RenditionID=",
                  "refsource": "CONFIRM",
                  "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=362187\u0026RenditionID="
                },
                {
                  "name": "15131",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15131"
                },
                {
                  "name": "ADV-2005-2138",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2138"
                },
                {
                  "name": "17559",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17559"
                },
                {
                  "name": "20051018 Snort Back Orifice Parsing Remote Code Execution",
                  "refsource": "ISS",
                  "url": "http://xforce.iss.net/xforce/alerts/id/207"
                },
                {
                  "name": "20034",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/20034"
                },
                {
                  "name": "20051101 Snort Back Orifice Preprocessor Exploit (Win32 targets)",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0010.html"
                },
                {
                  "name": "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt"
                },
                {
                  "name": "17220",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17220"
                },
                {
                  "name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=363396\u0026RenditionID=",
                  "refsource": "CONFIRM",
                  "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=363396\u0026RenditionID="
                },
                {
                  "name": "TA05-291A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA05-291A.html"
                },
                {
                  "name": "1015070",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015070"
                },
                {
                  "name": "17255",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17255"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3252",
        "datePublished": "2005-10-18T04:00:00.000Z",
        "dateReserved": "2005-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:01:59.077Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0209 (GCVE-0-2003-0209)

    Vulnerability from cvelistv5 – Published: 2003-04-16 04:00 – Updated: 2024-08-08 01:43
    VLAI
    Summary
    Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=105103586927007&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/7178 vdb-entryx_refsource_BID
    http://www.cert.org/advisories/CA-2003-13.html third-party-advisoryx_refsource_CERT
    http://marc.info/?l=bugtraq&m=105043563016235&w=2 mailing-listx_refsource_BUGTRAQ
    http://marc.info/?l=bugtraq&m=105172790914107&w=2 vendor-advisoryx_refsource_ENGARDE
    http://www.kb.cert.org/vuls/id/139129 third-party-advisoryx_refsource_CERT-VN
    http://www.debian.org/security/2003/dsa-297 vendor-advisoryx_refsource_DEBIAN
    http://marc.info/?l=bugtraq&m=105111217731583&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://www.coresecurity.com/common/showdoc.php?id… x_refsource_MISC
    http://marc.info/?l=bugtraq&m=105154530427824&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2003-04-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:43:36.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20030422 GLSA:  snort (200304-05)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=105103586927007\u0026w=2"
              },
              {
                "name": "7178",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/7178"
              },
              {
                "name": "CA-2003-13",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.cert.org/advisories/CA-2003-13.html"
              },
              {
                "name": "20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=105043563016235\u0026w=2"
              },
              {
                "name": "ESA-20030430-013",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ENGARDE",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=105172790914107\u0026w=2"
              },
              {
                "name": "VU#139129",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/139129"
              },
              {
                "name": "DSA-297",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2003/dsa-297"
              },
              {
                "name": "20030423 Snort \u003c=1.9.1 exploit",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=105111217731583\u0026w=2"
              },
              {
                "name": "MDKSA-2003:052",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:052"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.coresecurity.com/common/showdoc.php?idx=313\u0026idxseccion=10"
              },
              {
                "name": "20030428 GLSA:  snort (200304-06)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=105154530427824\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-04-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-17T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20030422 GLSA:  snort (200304-05)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=105103586927007\u0026w=2"
            },
            {
              "name": "7178",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/7178"
            },
            {
              "name": "CA-2003-13",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.cert.org/advisories/CA-2003-13.html"
            },
            {
              "name": "20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=105043563016235\u0026w=2"
            },
            {
              "name": "ESA-20030430-013",
              "tags": [
                "vendor-advisory",
                "x_refsource_ENGARDE"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=105172790914107\u0026w=2"
            },
            {
              "name": "VU#139129",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/139129"
            },
            {
              "name": "DSA-297",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2003/dsa-297"
            },
            {
              "name": "20030423 Snort \u003c=1.9.1 exploit",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=105111217731583\u0026w=2"
            },
            {
              "name": "MDKSA-2003:052",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:052"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.coresecurity.com/common/showdoc.php?idx=313\u0026idxseccion=10"
            },
            {
              "name": "20030428 GLSA:  snort (200304-06)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=105154530427824\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0209",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20030422 GLSA:  snort (200304-05)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=105103586927007\u0026w=2"
                },
                {
                  "name": "7178",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/7178"
                },
                {
                  "name": "CA-2003-13",
                  "refsource": "CERT",
                  "url": "http://www.cert.org/advisories/CA-2003-13.html"
                },
                {
                  "name": "20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=105043563016235\u0026w=2"
                },
                {
                  "name": "ESA-20030430-013",
                  "refsource": "ENGARDE",
                  "url": "http://marc.info/?l=bugtraq\u0026m=105172790914107\u0026w=2"
                },
                {
                  "name": "VU#139129",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/139129"
                },
                {
                  "name": "DSA-297",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2003/dsa-297"
                },
                {
                  "name": "20030423 Snort \u003c=1.9.1 exploit",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=105111217731583\u0026w=2"
                },
                {
                  "name": "MDKSA-2003:052",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:052"
                },
                {
                  "name": "http://www.coresecurity.com/common/showdoc.php?idx=313\u0026idxseccion=10",
                  "refsource": "MISC",
                  "url": "http://www.coresecurity.com/common/showdoc.php?idx=313\u0026idxseccion=10"
                },
                {
                  "name": "20030428 GLSA:  snort (200304-06)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=105154530427824\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0209",
        "datePublished": "2003-04-16T04:00:00.000Z",
        "dateReserved": "2003-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:43:36.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }