Vulnerabilities > CVE-2003-0033 - Buffer Overflow vulnerability in Snort RPC Preprocessor Fragment Reassembly
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-297.NASL description Two vulnerabilities have been discovered in Snort, a popular network intrusion detection system. Snort comes with modules and plugins that perform a variety of functions such as protocol analysis. The following issues have been identified : Heap overflow in Snort last seen 2020-06-01 modified 2020-06-02 plugin id 15134 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15134 title Debian DSA-297-1 : snort - integer overflow, buffer overflow NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-029.NASL description A buffer overflow was discovered in the snort RPC normalization routines by ISS-XForce which can cause snort to execute arbitrary code embedded within sniffed network packets. The rpc_decode preprocessor is enabled by default. The snort developers have released version 1.9.1 to correct this behaviour; snort versions from 1.8 up to 1.9.0 are vulnerable. For those unable to upgrade, you can disable the rpc_decode preprocessor by commenting out the line (place a last seen 2020-06-01 modified 2020-06-02 plugin id 14013 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14013 title Mandrake Linux Security Advisory : snort (MDKSA-2003:029)
References
- http://marc.info/?l=bugtraq&m=104673386226064&w=2
- http://marc.info/?l=bugtraq&m=104716001503409&w=2
- http://marc.info/?l=bugtraq&m=105154530427824&w=2
- http://www.cert.org/advisories/CA-2003-13.html
- http://www.debian.org/security/2003/dsa-297
- http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951
- http://www.iss.net/security_center/static/10956.php
- http://www.kb.cert.org/vuls/id/916785
- http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:029
- http://www.osvdb.org/4418
- http://www.securityfocus.com/bid/6963