CVE-2004-2652
published 2004-12-31CVE-2004-2652: The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to…
PriorityP334high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
11.19%
95.4th percentile
The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sourcefire | snort | — | — |
| sourcefire | snort | — | — |
| sourcefire | snort | — | — |
| sourcefire | snort | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Snort 2.1/2.2 - DecodeTCPOptions Remote Denial of Service (1)
exploitdb·2004-12-22
CVE-2004-2652 Snort 2.1/2.2 - DecodeTCPOptions Remote Denial of Service (1)
Snort 2.1/2.2 - DecodeTCPOptions Remote Denial of Service (1)
---
// source: https://www.securityfocus.com/bid/12084/info
Snort is reported prone to a remote denial of service vulnerability. The vulnerability is reported to exist in the DecodeTCPOptions() function of 'decode.c', and is as a result of a failure to sufficiently handle malicious TCP packets.
A remote attacker may trigger this vulnerability to crash a remote Snort server and in doing so may prevent subsequent malicious attacks from being detected.
/*
* snort >= 2.1.3 TCP/IP options bug proof of concept
* by Marcin Zgorecki
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define DADDR "127.0.0.1"
int main(int argc, char **argv)
{
int s;
/* TCP MSS option, should be: "\x02\04\x
Exploit-DB
Snort 2.1/2.2 - DecodeTCPOptions Remote Denial of Service (2)
exploitdb·2004-12-22
CVE-2004-2652 Snort 2.1/2.2 - DecodeTCPOptions Remote Denial of Service (2)
Snort 2.1/2.2 - DecodeTCPOptions Remote Denial of Service (2)
---
// source: https://www.securityfocus.com/bid/12084/info
Snort is reported prone to a remote denial of service vulnerability. The vulnerability is reported to exist in the DecodeTCPOptions() function of 'decode.c', and is as a result of a failure to sufficiently handle malicious TCP packets.
A remote attacker may trigger this vulnerability to crash a remote Snort server and in doing so may prevent subsequent malicious attacks from being detected.
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define BINARYBETA
void printUsage()
{
printf("./angelDust -D -S \n");
printf("Please as with all inhalants use wisely in the comfort of your own home\n");
}
int main(int argc,
No writeups or analysis indexed.
http://secunia.com/advisories/13664http://securitytracker.com/id?1012656http://taosecurity.blogspot.com/2004/12/details-on-snort-dos-condition-you-may.htmlhttp://www.frsirt.com/exploits/20041222.angelDust.c.phphttp://www.osvdb.org/12578http://www.securiteam.com/exploits/6X00L20C0S.htmlhttp://www.securityfocus.com/bid/12084http://www.snort.org/arc_news/https://exchange.xforce.ibmcloud.com/vulnerabilities/18689http://secunia.com/advisories/13664http://securitytracker.com/id?1012656http://taosecurity.blogspot.com/2004/12/details-on-snort-dos-condition-you-may.htmlhttp://www.frsirt.com/exploits/20041222.angelDust.c.phphttp://www.osvdb.org/12578http://www.securiteam.com/exploits/6X00L20C0S.htmlhttp://www.securityfocus.com/bid/12084http://www.snort.org/arc_news/https://exchange.xforce.ibmcloud.com/vulnerabilities/18689
2004-12-31
Published