Check Point Advisories

Preemptive Protection against Snort Inline Fragmentation Denial of Service Vulnerability

Check Point Reference: CPAI-2007-038
Date Published: 29 Mar 2007
Severity: Medium
Last Updated: Wednesday 25 April, 2007
Source:
Industry Reference:CVE-2007-1398
Protection Provided by:
Who is Vulnerable? Project Snort 2.6.1.1
Project Snort 2.6.1.2
Project Snort 2.7.0 beta
Vulnerability Description Snort is an open source network intrusion prevention and detection system. The frag3 preprocessor in Snort when configured for inline use on Linux is prone to a denial of service vulnerability. A remote attacker could exploit this issue to cause the application to crash on a target system.
Vulnerability DetailsThe vulnerability is due to an error in Snort Intrusion Detection System when it reassembles fragmented packets. The system fails to properly handle overlapping IP fragments. An attacker can trigger this flaw by sending a crafted packet followed by a malformed overlap packet. Successful exploitation of this flaw will cause the Snort Intrusion Detection System to crash.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK