Snort Inline Fragmentation Denial of Service Vulnerability

Bugtraq ID:	22872
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-1398
Remote:	Yes
Local:	No
Published:	Mar 08 2007 12:00AM
Updated:	May 12 2015 07:33PM
Credit:	Antimatt3r <[email protected]> is credited with the discovery of this vulnerability.
Vulnerable:	Snort Project Snort 2.6.1 .2 Snort Project Snort 2.6.1 .1 Snort Project Snort 2.7.0 beta 1
Not Vulnerable:

Snort Inline Fragmentation Denial of Service Vulnerability

Snort is prone to a denial-of-service vulnerability because the network intrusion-detection (NID) system fails to handle specially crafted network packets.

An attacker can exploit this issue to crash the application, allowing malicious network traffic to bypass the NID system.

This issue affects versions 2.6.1.1, 2.6.1.2, and 2.7.0(beta); other versions may also be affected.

NOTE: Reportedly, for this vulnerability to occur, Snort must be running Inline on Linux, with Frag3 enabled and ip_conntrack disabled.

Snort Inline Fragmentation Denial of Service Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/22782.c

Snort Inline Fragmentation Denial of Service Vulnerability

Solution:
Currently we are not aware of any solutions for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Snort Inline Fragmentation Denial of Service Vulnerability

References:

• Snort Homepage (Snort Project)