[Secure-testing-team] Bug#483160: CVE-2008-1804: possibility to bypass detection rules
Steffen Joeris
steffen.joeris at skolelinux.de
Tue May 27 15:11:44 UTC 2008
Package: snort
Severity: grave
Tags: security
Justification: user security hole
Hi
The following CVE(0) has been issued against snort.
CVE-2008-1804:
preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not
properly identify packet fragments that have dissimilar TTL values,
which allows remote attackers to bypass detection rules by using a
different TTL for each fragment.
The upstream patch is here(1), but I guess it has to be backported.
In case you fix this issue by an upload, please mention the CVE id in
your changelog.
Cheers
Steffen
(0): http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1804
(1): http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h
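
A defender-side check for the condition the CVE text describes, added here as an example and not part of the original report or of Snort's code: it groups IPv4 fragments by reassembly key and reports datagrams whose fragments arrived with different TTLs. The function names, the `max_spread` threshold and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_ipv4(pkt):
    """Return (reassembly_key, ttl, is_fragment), or None if not a sane IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        return None
    ident, flags_off, ttl, proto = struct.unpack_from("!HHBB", pkt, 4)
    # Fragments of one datagram share source, destination, IP ID and protocol.
    key = (pkt[12:16], pkt[16:20], ident, proto)
    # A fragment has the More Fragments bit set or a non-zero fragment offset.
    is_fragment = bool(flags_off & 0x2000) or (flags_off & 0x1FFF) != 0
    return key, ttl, is_fragment

def mixed_ttl_datagrams(packets, max_spread=0):
    """Map reassembly key -> sorted TTLs for datagrams whose fragment TTLs
    differ by more than max_spread (assumed tunable; 0 flags any difference)."""
    seen = defaultdict(set)
    for pkt in packets:
        parsed = parse_ipv4(pkt)
        if parsed and parsed[2]:
            seen[parsed[0]].add(parsed[1])
    return {k: sorted(v) for k, v in seen.items() if max(v) - min(v) > max_spread}

def build_header(ident, ttl, offset, more, src=(192, 0, 2, 1), dst=(198, 51, 100, 2)):
    """Constructed 20-byte IPv4 header (UDP, checksum left at 0) for the sample below."""
    flags_off = (0x2000 if more else 0) | offset
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ident, flags_off,
                       ttl, 17, 0, bytes(src), bytes(dst))

# Constructed sample traffic, not taken from the report.
SAMPLE = [
    build_header(0x1111, 64, 0, True),    # datagram A: consistent TTLs
    build_header(0x1111, 64, 185, False),
    build_header(0x2222, 64, 0, True),    # datagram B: a different TTL per fragment
    build_header(0x2222, 3, 185, True),
    build_header(0x2222, 128, 370, False),
    build_header(0x3333, 5, 0, False),    # unfragmented packet, ignored
]

if __name__ == "__main__":
    for (src, dst, ident, proto), ttls in mixed_ttl_datagrams(SAMPLE).items():
        print(f"IP ID {ident:#06x} {'.'.join(map(str, src))} -> "
              f"{'.'.join(map(str, dst))}: fragment TTLs {ttls}")
```

Small TTL differences within one datagram can occur legitimately when a route changes mid-flight, so `max_spread` would need tuning against real traffic before alerting on it.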