[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

252416

 
 

909

 
 

196839

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-1804Date: (C)2008-05-22   (M)2023-12-22


preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1020081
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=701
BID-29327
SECUNIA-30348
SECUNIA-30563
SECUNIA-31204
ADV-2008-1602
FEDORA-2008-4986
FEDORA-2008-5001
FEDORA-2008-5045
http://cvs.snort.org/viewcvs.cgi/snort/ChangeLog?rev=1.534.2.11
http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h
http://www.ipcop.org/index.php?name=News&file=article&sid=40
snort-ttl-security-bypass(42584)

CPE    1
cpe:/a:snort:snort
OVAL    2
oval:org.secpod.oval:def:300967
oval:org.secpod.oval:def:300810

© SecPod Technologies