CVE-2002-0115
CVSS 5.0
Published: 2002-03-25 00:00:00
Last revised: 2008-09-10 20:00:32

[Original] Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet.


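[CNNVD] Snort ICMP Remote Denial of Service Vulnerability (CNNVD-200203-067)

        
        Snort is a lightweight intrusion detection system. It was originally developed on Linux and has since been ported to Windows. Snort provides flexible, powerful analysis of network traffic and can detect most network attacks.
        Some versions of Snort contain a design flaw that lets a remote attacker cause a denial of service against the Snort program.
        When Snort receives a specially crafted ICMP packet, the Snort daemon crashes. This is because Snort incorrectly defines the minimum ICMP header as 8 bytes. The process must be restarted to restore Snort's functionality. Earlier versions of Snort are very likely affected by this vulnerability as well.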
        

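- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (Affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (Technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0115
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0115
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200203-067
(Official data source) CNNVD

- Other links and resources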

http://www.iss.net/security_center/static/7874.php
(VENDOR_ADVISORY)  XF  snort-icmp-dos(7874)
http://online.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-03-08&end=2002-03-14&mid=249623&threads=1
(PATCH)  BUGTRAQ  20020110 Re: Snort core dumped
http://online.securityfocus.com/archive/1/249340
(UNKNOWN)  BUGTRAQ  20020110 Snort core dumped
http://www.securityfocus.com/bid/3849
(UNKNOWN)  BID  3849
http://www.osvdb.org/2022
(UNKNOWN)  OSVDB  2022

- Vulnerability information

Snort ICMP Remote Denial of Service Vulnerability
Medium severity  Boundary condition error
2002-03-25 00:00:00 2005-05-02 00:00:00
Remote
        
        

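- Advisories and patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * Apply the following patch to the Snort 1.8.3 source: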
        --- olddecode.h Thu Jan 10 15:47:48 2002
        +++ decode.h Thu Jan 10 12:15:33 2002
        @@ -105,7 +105,7 @@
         #define IP_HEADER_LEN 20
         #define TCP_HEADER_LEN 20
         #define UDP_HEADER_LEN 8
        -#define ICMP_HEADER_LEN 8
        +#define ICMP_HEADER_LEN 4
        
         #define TH_FIN 0x01
         #define TH_SYN 0x02
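Review bot: the new value on the `ICMP_HEADER_LEN` line has no comment saying which fields the 4 bytes cover, and the hunk shows none of the code that uses the macro. With the minimum lowered from 8 to 4, any decoder path that reads bytes 4 to 7 of the ICMP message (for example the echo identifier and sequence number) can no longer rely on this check and needs its own per-type length test. Please add a comment such as `/* type, code, checksum only */` and audit each use of the macro in the same change. The file headers also name `olddecode.h` and `decode.h`, so the target file has to be given explicitly when the patch is applied.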
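        Recompile the program.
        Vendor patch:
        Martin Roesch
        -------------
        The vendor has released a patch and fixed this issue in the latest version of the software. We recommend that users of this software obtain the latest version from the vendor's home page:
        
        http://www.snort.org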

- Vulnerability information (21213)

Snort 1.8.3 ICMP Denial of Service Vulnerability (EDBID:21213)
multiple dos
2002-01-10 Verified
0 Sinbad
N/A [Click to download]
source: http://www.securityfocus.com/bid/3849/info

Snort is a network intrusion detection system (IDS). It is originally written for Linux and Unix systems, although it has also been ported to run under Microsoft Windows. Snort is capable of flexible and powerful content analysis of network traffic, and can detect a large number of attack attempts.

An error exists in some versions of Snort. If a maliciously constructed ICMP packet is received, the daemon will crash. This happens because Snort erroneously defines the minimum ICMP header size as 8 bytes. A restart will be required to regain normal functionality.

ping -c1 -s1 host 		

- Vulnerability information

2022
Snort Minimum ICMP Header Parsing Remote DoS
Remote / Network Access Denial of Service
Loss of Availability Upgrade
Exploit Public Vendor Verified, Third-party Verified

- Vulnerability description

Snort contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a specially crafted ICMP packet, and will result in loss of availability for the service.

- Timeline

2002-01-09 Unknown
2002-01-09 Unknown

- Solution

Upgrade to version 1.8.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
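
The descriptions above attribute the crash to the minimum ICMP header size the decoder assumes. The following C decoder is an added example, not Snort code and not part of the original advisory: it treats the 4-byte type/code/checksum as the fixed header, as the patch does, and checks the per-type remainder before computing the payload size. All function, struct and constant names are hypothetical, the sample packet is constructed, and only echo and echo reply are given an 8-byte layout.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example, not Snort source; every name below is hypothetical. */
#define ICMP_BASE_LEN 4u                  /* type, code, checksum */
enum { ICMP_ECHOREPLY = 0, ICMP_ECHO = 8 };
enum { ICMP_OK = 0, ICMP_TRUNC_BASE = -1, ICMP_TRUNC_EXT = -2 };

struct icmp_view {
    uint8_t type, code;
    uint16_t id, seq;       /* filled in for echo / echo reply only */
    const uint8_t *data;    /* payload after all headers */
    size_t dsize;
};

/* Constructed sample: echo request with one data byte (checksum not set). */
static const uint8_t sample_echo[9] = { 8, 0, 0, 0, 0x12, 0x34, 0x00, 0x01, 'A' };

/* Bytes between the base header and the payload for this type. */
static size_t icmp_ext_len(uint8_t type)
{
    /* Simplification: other types are passed through as opaque payload. */
    return (type == ICMP_ECHO || type == ICMP_ECHOREPLY) ? 4 : 0;
}

int icmp_decode(const uint8_t *pkt, size_t len, struct icmp_view *out)
{
    if (len < ICMP_BASE_LEN)
        return ICMP_TRUNC_BASE;
    size_t ext = icmp_ext_len(pkt[0]);
    /* Compare before subtracting so the unsigned payload size cannot wrap. */
    if (len - ICMP_BASE_LEN < ext)
        return ICMP_TRUNC_EXT;
    out->type = pkt[0];
    out->code = pkt[1];
    out->id = out->seq = 0;
    if (ext == 4) {
        out->id  = (uint16_t)((pkt[4] << 8) | pkt[5]);
        out->seq = (uint16_t)((pkt[6] << 8) | pkt[7]);
    }
    out->data  = pkt + ICMP_BASE_LEN + ext;
    out->dsize = len - ICMP_BASE_LEN - ext;
    return ICMP_OK;
}

int main(void)
{
    struct icmp_view v;
    return icmp_decode(sample_echo, sizeof sample_echo, &v) == ICMP_OK ? 0 : 1;
}
```

A truncated message is reported through the return code instead of producing a payload pointer or size, so callers can drop or alert on it without touching `data`.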
