[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SNORT Incorrect fragmented packet reassembly

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SNORT Incorrect fragmented packet reassembly
From: siouxsie@xxxxxxxxxxxx
Date: 17 Feb 2006 14:51:46 -0000

Snort 2.4.3 has a bug in processing fragmented ip packets which has ip options. 
frag3 preprocessor of snort skips [ip_option_length] bytes from end of the ip 
options when reassembling packet, thus allowing anyone to evade ids.

Guys at snort.org already informed and are fixing the problem.

Prev by Date: Re: Siteframe Beaumont 5.0.2 <== User Comment Cross-Site Scripting Vulnerability
Next by Date: [USN-252-1] gnupg vulnerability
Previous by thread: Soldier of Fortune II format string through PunkBuster 1.180
Next by thread: [USN-252-1] gnupg vulnerability
Index(es):
- Date
- Thread