var-200602-0404
Vulnerability from variot
The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths. Snort is reportedly prone to a vulnerability that may allow malicious packets to bypass detection. Reports indicate that the Frag3 preprocessor fails to properly analyze certain packets. A successful attack can allow attackers to bypass intrusion detection and to carry out attacks against computers protected by Snort. This vulnerability affects Snort 2.4.3. Other versions may be vulnerable as well.
TITLE: Snort frag3 Preprocessor Packet Reassembly Vulnerability
SECUNIA ADVISORY ID: SA18959
VERIFY ADVISORY: http://secunia.com/advisories/18959/
CRITICAL: Moderately critical
IMPACT: Security Bypass
WHERE:
From remote
SOFTWARE: Snort 2.4.x http://secunia.com/product/5691/
DESCRIPTION: siouxsie has reported a vulnerability in Snort, which potentially can be exploited by malicious people to bypass certain security restrictions.
The vulnerability has been reported in version 2.4.3.
SOLUTION: Filter potentially malicious fragmented IP packets with a firewall.
PROVIDED AND/OR DISCOVERED BY: siouxsie
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200602-0404",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snort",
"scope": "eq",
"trust": 1.6,
"vendor": "sourcefire",
"version": "2.4.3"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "project snort",
"scope": "eq",
"trust": 0.3,
"vendor": "snort",
"version": "2.4.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"db": "BID",
"id": "16705"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
},
{
"db": "NVD",
"id": "CVE-2006-0839"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reported by",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
}
],
"trust": 0.6
},
"cve": "CVE-2006-0839",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-0839",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2006-0996",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-0839",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2006-0996",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200602-339",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
},
{
"db": "NVD",
"id": "CVE-2006-0839"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths. Snort is reportedly prone to a vulnerability that may allow malicious packets to bypass detection. \nReports indicate that the Frag3 preprocessor fails to properly analyze certain packets. \nA successful attack can allow attackers to bypass intrusion detection and to carry out attacks against computers protected by Snort. \nThis vulnerability affects Snort 2.4.3. Other versions may be vulnerable as well. \n\nTITLE:\nSnort frag3 Preprocessor Packet Reassembly Vulnerability\n\nSECUNIA ADVISORY ID:\nSA18959\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18959/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nSnort 2.4.x\nhttp://secunia.com/product/5691/\n\nDESCRIPTION:\nsiouxsie has reported a vulnerability in Snort, which potentially can\nbe exploited by malicious people to bypass certain security\nrestrictions. \n\nThe vulnerability has been reported in version 2.4.3. \n\nSOLUTION:\nFilter potentially malicious fragmented IP packets with a firewall. \n\nPROVIDED AND/OR DISCOVERED BY:\nsiouxsie\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0839"
},
{
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"db": "BID",
"id": "16705"
},
{
"db": "PACKETSTORM",
"id": "44230"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "16705",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2006-0839",
"trust": 2.2
},
{
"db": "SECUNIA",
"id": "18959",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2006-0996",
"trust": 0.6
},
{
"db": "XF",
"id": "3",
"trust": 0.6
},
{
"db": "XF",
"id": "24811",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060217 SNORT INCORRECT FRAGMENTED PACKET REASSEMBLY",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200602-339",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "44230",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"db": "BID",
"id": "16705"
},
{
"db": "PACKETSTORM",
"id": "44230"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
},
{
"db": "NVD",
"id": "CVE-2006-0839"
}
]
},
"id": "VAR-200602-0404",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
}
]
},
"last_update_date": "2024-11-23T21:12:56.820000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0839"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/16705"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/18959"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/425290/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24811"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/425290/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/24811"
},
{
"trust": 0.3,
"url": "http://www.snort.org/"
},
{
"trust": 0.3,
"url": "/archive/1/425290"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5691/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18959/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"db": "BID",
"id": "16705"
},
{
"db": "PACKETSTORM",
"id": "44230"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
},
{
"db": "NVD",
"id": "CVE-2006-0839"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"db": "BID",
"id": "16705"
},
{
"db": "PACKETSTORM",
"id": "44230"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
},
{
"db": "NVD",
"id": "CVE-2006-0839"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-02-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"date": "2006-02-17T00:00:00",
"db": "BID",
"id": "16705"
},
{
"date": "2006-03-01T03:50:51",
"db": "PACKETSTORM",
"id": "44230"
},
{
"date": "2006-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200602-339"
},
{
"date": "2006-02-22T02:02:00",
"db": "NVD",
"id": "CVE-2006-0839"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-02-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-0996"
},
{
"date": "2006-02-17T18:43:00",
"db": "BID",
"id": "16705"
},
{
"date": "2006-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200602-339"
},
{
"date": "2024-11-21T00:07:27.493000",
"db": "NVD",
"id": "CVE-2006-0839"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Snort Frag3 Processor Packet Fragment Avoidance Detection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-0996"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "16705"
},
{
"db": "CNNVD",
"id": "CNNVD-200602-339"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…