BID:21991

Snort Backtracking Denial of Service Vulnerability

Info

Snort Backtracking Denial of Service Vulnerability

Bugtraq ID:	21991
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2006-6931
Remote:	Yes
Local:	No
Published:	Jan 10 2007 12:00AM
Updated:	Mar 06 2007 09:05PM
Credit:	Randy Smith, Cristian Estan and Somesh Jha of University of Wisconsin-Madison are credited with the discovery of this vulnerability.
Vulnerable:	Snort Project Snort 2.6 .2 Snort Project Snort 2.6 .1 Snort Project Snort 2.4.5 Snort Project Snort 2.4.4 Snort Project Snort 2.4.3 Snort Project Snort 2.4.2 Snort Project Snort 2.4.1 Snort Project Snort 2.4 .0 Snort Project Snort 2.3.3 Snort Project Snort 2.3.2 Snort Project Snort 2.3.1 Snort Project Snort 2.3 .0 Snort Project Snort 2.2 Snort Project Snort 2.1.3 Snort Project Snort 2.1.1 RC1 Snort Project Snort 2.1 .0 Snort Project Snort 2.0.6 Snort Project Snort 2.0.4 Snort Project Snort 2.0 rc2 Snort Project Snort 2.0 .0rc1 Snort Project Snort 2.0 Snort Project Snort 1.9.1 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Multi Network Firewall 2.0 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 + Mandriva Linux Mandrake 9.0 + Mandriva Linux Mandrake 8.2 ppc + Mandriva Linux Mandrake 8.2 Snort Project Snort 1.9 + Gentoo Linux 1.4 _rc3 + Gentoo Linux 1.4 _rc2 Snort Project Snort 1.8.7 Snort Project Snort 1.8.6 Snort Project Snort 1.8.5 Snort Project Snort 1.8.4 beta1 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Snort Project Snort 1.8.4 Snort Project Snort 1.8.3 Snort Project Snort 1.8.2 Snort Project Snort 1.8.1 Snort Project Snort 1.8 Snort Project Snort 1.7 Snort Project Snort 1.6.3 Snort Project Snort 1.6.2 Snort Project Snort 1.6.1 Snort Project Snort 1.6 Snort Project Snort 1.5.2 Snort Project Snort 1.5.1 Snort Project Snort 1.5 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 Gentoo net-analyzer/snort 2.6.1

Not Vulnerable:	Snort Project Snort 2.6.1

Discussion

Snort Backtracking Denial of Service Vulnerability

Snort is prone to a denial-of-service vulnerability because the network intrusion detection (NID) system fails to handle specially crafted network packets.

An attacker can exploit this issue to cause the affected NID system to consume 100% CPU resources, allowing malicious network traffic to avoid detection.

This issue affects versions prior to 2.6.1.

Exploit / POC

Snort Backtracking Denial of Service Vulnerability

An attacker can exploit this issue by using standard network utilities.

Solution / Fix

Snort Backtracking Denial of Service Vulnerability

Solution:
Currently we are not aware of any solutions for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Snort Project Snort 1.8.3

Mandriva snort-2.1.0-3.1.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Mandriva snort-bloat-2.1.0-3.1.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Mandriva snort-mysql+flexresp-2.1.0-3.1.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Mandriva snort-mysql-2.1.0-3.1.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Mandriva snort-plain+flexresp-2.1.0-3.1.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Mandriva snort-postgresql+flexresp-2.1.0-3.1.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Mandriva snort-postgresql-2.1.0-3.1.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Mandriva snort-snmp+flexresp-2.1.0-3.1.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Mandriva snort-snmp-2.1.0-3.1.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Snort Project Snort 2.3.3

Mandriva snort-2.3.3-2.3.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva snort-2.3.3-2.3.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-bloat-2.3.3-2.3.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva snort-bloat-2.3.3-2.3.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-inline+flexresp-2.3.3-2.3.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva snort-inline+flexresp-2.3.3-2.3.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-inline-2.3.3-2.3.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva snort-inline-2.3.3-2.3.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-mysql+flexresp-2.3.3-2.3.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva snort-mysql+flexresp-2.3.3-2.3.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-mysql-2.3.3-2.3.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva snort-mysql-2.3.3-2.3.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-plain+flexresp-2.3.3-2.3.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva snort-plain+flexresp-2.3.3-2.3.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-postgresql+flexresp-2.3.3-2.3.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva snort-postgresql+flexresp-2.3.3-2.3.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-postgresql-2.3.3-2.3.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva snort-postgresql-2.3.3-2.3.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-snmp+flexresp-2.3.3-2.3.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva snort-snmp+flexresp-2.3.3-2.3.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-snmp-2.3.3-2.3.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva snort-snmp-2.3.3-2.3.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://www.mandriva.com/en/download

Snort Project Snort 2.4.5

Mandriva snort-2.4.5-1.2.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva snort-2.4.5-1.2.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-bloat-2.4.5-1.2.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva snort-bloat-2.4.5-1.2.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-inline+flexresp-2.4.5-1.2.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva snort-inline+flexresp-2.4.5-1.2.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-inline-2.4.5-1.2.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva snort-inline-2.4.5-1.2.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-mysql+flexresp-2.4.5-1.2.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva snort-mysql+flexresp-2.4.5-1.2.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-mysql-2.4.5-1.2.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva snort-mysql-2.4.5-1.2.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-plain+flexresp-2.4.5-1.2.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva snort-plain+flexresp-2.4.5-1.2.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-postgresql+flexresp-2.4.5-1.2.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva snort-postgresql+flexresp-2.4.5-1.2.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-postgresql-2.4.5-1.2.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva snort-postgresql-2.4.5-1.2.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-prelude+flexresp-2.4.5-1.2.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva snort-prelude+flexresp-2.4.5-1.2.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-prelude-2.4.5-1.2.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva snort-prelude-2.4.5-1.2.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-snmp+flexresp-2.4.5-1.2.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva snort-snmp+flexresp-2.4.5-1.2.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

Mandriva snort-snmp-2.4.5-1.2.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download

Mandriva snort-snmp-2.4.5-1.2.20060mlcs4.x86_64.rpm
Corporate 4.0/X86_64:
http://www.mandriva.com/en/download

References

Snort Backtracking Denial of Service Vulnerability

References:

Backtracking Algorithmic Complexity Attacks Against a NIDS (Randy Smith, Cristian Estan and Somesh Jha)
Backtracking Algorithmic Complexity Attacks Against a NIDS Powerpoint Slides (Randy Smith)
Snort Homepage (Snort Project)