Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1804

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-1804
Last Modified 07 Mar 2011 10:07:39
Published 22 May 2008 09:09:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1804

Summary

preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment.

Vulnerable Systems

Application

  • Snort 2.8.0


References

FEDORA - FEDORA-2008-5045

FEDORA - FEDORA-2008-5001

FEDORA - FEDORA-2008-4986

XF - snort-ttl-security-bypass(42584)

VUPEN - ADV-2008-1602

BID - 29327

CONFIRM - http://www.ipcop.org/index.php?name=News&file=article&sid=40

SECTRACK - 1020081

SECUNIA - 31204

SECUNIA - 30563

IDEFENSE - 20080521 Multiple Vendor Snort IP Fragment TTL Evasion Vulnerability

CONFIRM - http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h

CONFIRM - http://cvs.snort.org/viewcvs.cgi/snort/ChangeLog?rev=1.534.2.11

SECUNIA - 30348


Last Updated: 27 May 2016 10:47:40