Signature Detail
Short Name |
APP:SNORT:GARBAGE-PACKET |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Malformed Packet Exploit |
Release Date |
2003/05/14 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Malformed Packet Exploit
This signature detects attempts to exploit a known vulnerability in Snort 1.9.1 and earlier versions. Attackers can exploit Snort RPC validation to generate a shell that runs with Snort user privileges (typically root), possibly creating a denial-of-service condition, or executing arbitrary code.
Extended Description
A vulnerability in the Snort network IDS has been discovered that may allow for remote attackers to compromise hosts using the system. The vulnerability is due to a programmatic flaw in the RPC preprocessor. This preprocessor is enabled by default. Successful attacks may result in the execution of instructions on the IDS system with root privileges.
Affected Products
- SmoothWall 1.0.0
- SmoothWall 2.0.0 Beta 4
- Snort Project Snort 1.8.0
- Snort Project Snort 1.8.1
- Snort Project Snort 1.8.2
- Snort Project Snort 1.8.3
- Snort Project Snort 1.8.4
- Snort Project Snort 1.8.4 beta1
- Snort Project Snort 1.8.5
- Snort Project Snort 1.8.6
- Snort Project Snort 1.8.7
- Snort Project Snort 1.9.0
References
- BugTraq: 6963
- CERT: CA-2003-13
- CVE: CVE-2003-0033
- URL: http://www.linuxsecurity.com/content/view/113539/65/
- URL: http://www.ciac.org/ciac/bulletins/n-049.shtml