• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Snort Inline Fragmentation Denial of Service Vulnerability

Snort is prone to a denial-of-service vulnerability because the network intrusion-detection (NID) system fails to handle specially crafted network packets.

An attacker can exploit this issue to crash the application, allowing malicious network traffic to bypass the NID system.

This issue affects versions 2.6.1.1, 2.6.1.2, and 2.7.0(beta); other versions may also be affected.

NOTE: Reportedly, for this vulnerability to occur, Snort must be running Inline on Linux, with Frag3 enabled and ip_conntrack disabled.