Snort ICMP header size denial of service
|snort-icmp-dos (7874)||Medium Risk|
Snort is vulnerable to a denial of service, caused by an error in the interpreting of ICMP header size. A remote attacker can send a specially-crafted ICMP packet to the system to cause the Snort daemon to crash and dump core. The program must be restarted to regain normal functionality.
Denial of Service
Apply the patch for this vulnerability included in the BugTraq Mailing List posting dated Jan 10 2002 11:00PM. See References.
- BugTraq Mailing List, Thu Jan 10 2002 - 23:00:49 CST: Re: Snort core dumped.
- BugTraq Mailing List, Wed Jan 09 2002 - 23:26:15 CST: Snort core dumped.
- CIAC Information Bulletin M-033: Snort IDS Denial of Service Vulnerability.
- Internet Security Systems Security Alert #108: Remote Denial of Service Vulnerability in Snort IDS.
- Snort Web site: Snort.
- BID-3849: Snort ICMP Denial of Service Vulnerability
- CVE-2002-0115: Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet.
- OSVDB ID: 2022: Snort Minimum ICMP Header DoS
- Snort Snort 1.8.3
Jan 10, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this