Vulnerabilities > CVE-2005-3252 - Remote Stack Buffer Overflow vulnerability in Sourcefire Snort 2.4.0/2.4.1/2.4.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
description Snort 2.4.0 - 2.4.3 Back Orifice Pre-Preprocessor Remote Exploit. CVE-2005-3252. Remote exploit for linux platform id EDB-ID:10026 last seen 2016-02-01 modified 2005-10-18 published 2005-10-18 reporter KaiJern Lau source https://www.exploit-db.com/download/10026/ title Snort 2.4.0 - 2.4.3 - Back Orifice Pre-Preprocessor Remote Exploit description Snort <= 2.4.2 Back Orifice Pre-Preprocessor Remote Exploit (3). CVE-2005-3252. Remote exploit for windows platform id EDB-ID:1313 last seen 2016-01-31 modified 2005-11-11 published 2005-11-11 reporter xort source https://www.exploit-db.com/download/1313/ title Snort <= 2.4.2 Back Orifice Pre-Preprocessor Remote Exploit 3 description Snort <= 2.4.2 Back Orifice Parsing Remote Buffer Overflow Exploit. CVE-2005-3252. Remote exploit for linux platform id EDB-ID:1272 last seen 2016-01-31 modified 2005-10-25 published 2005-10-25 reporter rd source https://www.exploit-db.com/download/1272/ title Snort <= 2.4.2 Back Orifice Parsing Remote Buffer Overflow Exploit description Snort Back Orifice Pre-Preprocessor Remote Exploit. CVE-2005-3252. Remote exploit for linux platform id EDB-ID:16834 last seen 2016-02-02 modified 2010-07-03 published 2010-07-03 reporter metasploit source https://www.exploit-db.com/download/16834/ title Snort Back Orifice Pre-Preprocessor Remote Exploit
Metasploit
| description | This module exploits a stack buffer overflow in the Back Orifice pre-processor module included with Snort versions 2.4.0, 2.4.1, 2.4.2, and 2.4.3. This vulnerability could be used to completely compromise a Snort sensor, and would typically gain an attacker full root or administrative privileges. |
| id | MSF:EXPLOIT/LINUX/IDS/SNORTBOPRE |
| last seen | 2020-03-10 |
| modified | 2017-07-24 |
| published | 2005-12-18 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3252 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/ids/snortbopre.rb |
| title | Snort Back Orifice Pre-Preprocessor Buffer Overflow |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/82239/snortbopre.rb.txt |
| id | PACKETSTORM:82239 |
| last seen | 2016-12-05 |
| published | 2009-10-27 |
| reporter | Lau KaiJern |
| source | https://packetstormsecurity.com/files/82239/Snort-Back-Orifice-Stack-Overflow.html |
| title | Snort Back Orifice Stack Overflow |
Saint
| bid | 15131 |
| description | Snort Back Orifice Pre-Processor buffer overflow |
| id | misc_snort |
| osvdb | 20034 |
| title | snort_back_orifice |
| type | remote |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0505.html
- http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0010.html
- http://secunia.com/advisories/17220
- http://secunia.com/advisories/17255
- http://secunia.com/advisories/17559
- http://securitytracker.com/id?1015070
- http://www.kb.cert.org/vuls/id/175500
- http://www.osvdb.org/20034
- http://www.securityfocus.com/bid/15131
- http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt
- http://www.us-cert.gov/cas/techalerts/TA05-291A.html
- http://www.vupen.com/english/advisories/2005/2138
- http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=362187&RenditionID=
- http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=363396&RenditionID=
- http://xforce.iss.net/xforce/alerts/id/207