Snort ICMP header size denial of service

snort-icmp-dos (7874)

Medium Risk

Description:

Snort is vulnerable to a denial of service attack, caused by an error in the interpreting of ICMP header size. A remote attacker can send a specially-crafted ICMP packet to the system to cause the Snort daemon to crash and dump core. The program must be restarted to regain normal functionality.

Platforms Affected:

• Snort, Snort 1.8.3

Remedy:

Apply the patch for this vulnerability included in the BugTraq Mailing List posting dated Jan 10 2002 11:00PM. See References.

Consequences:

Denial of Service

References:

• BugTraq Mailing List, Thu Jan 10 2002 - 23:00:49 CST, Re: Snort core dumped at http://archives.neohapsis.com/archives/bugtraq/2002-01/0142.html.
• BugTraq Mailing List, Wed Jan 09 2002 - 23:26:15 CST, Snort core dumped at http://archives.neohapsis.com/archives/bugtraq/2002-01/0122.html.
• CIAC Information Bulletin M-033, Snort IDS Denial of Service Vulnerability at http://www.ciac.org/ciac/bulletins/m-033.shtml.
• Internet Security Systems Security Alert #108, Remote Denial of Service Vulnerability in Snort IDS at http://www.iss.net/xforce/alerts/id/advise108.
• Snort Web site, Snort at http://www.snort.org/.
• BID-3849: Snort ICMP Denial of Service Vulnerability
• CVE-2002-0115: Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet.
• OSVDB ID: 2022: Snort Minimum ICMP Header DoS

Reported:

Jan 10, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page