Vulnerabilities > CVE-2006-5276 - Stack Buffer Overflow vulnerability in Snort/Sourcefire DCE/RPC Packet Reassembly
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. All affected Sourcefire Intrustion Sensor products are only vulnerable if they are used with SEUs prior to SEU 64. Upgrade to the latest version of Snort (2.6.1.3 or later), available from the Snort Web site.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | Snort
| 18 |
| Application | 6 |
Exploit-Db
description Snort 2.6.1 DCE/RPC Preprocessor Remote Buffer Overflow Exploit. CVE-2006-5276. Remote exploit for windows platform id EDB-ID:3391 last seen 2016-01-31 modified 2007-03-01 published 2007-03-01 reporter Trirat Puttaraksa source https://www.exploit-db.com/download/3391/ title Snort 2.6.1 DCE/RPC Preprocessor Remote Buffer Overflow Exploit description Snort 2 DCE/RPC preprocessor Buffer Overflow. CVE-2006-5276. Remote exploits for multiple platform id EDB-ID:18723 last seen 2016-02-02 modified 2012-04-09 published 2012-04-09 reporter metasploit source https://www.exploit-db.com/download/18723/ title Snort 2 DCE/RPC preprocessor Buffer Overflow description Snort 2.6.1 DCE/RPC Preprocessor Remote Buffer Overflow Exploit (linux). CVE-2006-5276. Remote exploit for linux platform id EDB-ID:3609 last seen 2016-01-31 modified 2007-03-30 published 2007-03-30 reporter Winny Thomas source https://www.exploit-db.com/download/3609/ title Snort 2.6.1 DCE/RPC Preprocessor Remote Buffer Overflow Exploit linux description Snort 2.6.1 DCE/RPC Preprocessor Remote Buffer Overflow DoS Exploit. CVE-2006-5276. Dos exploits for multiple platform file exploits/multiple/dos/3362.py id EDB-ID:3362 last seen 2016-01-31 modified 2007-02-23 platform multiple port published 2007-02-23 reporter Trirat Puttaraksa source https://www.exploit-db.com/download/3362/ title Snort 2.6.1 DCE/RPC Preprocessor Remote Buffer Overflow DoS Exploit type dos
Metasploit
| description | This module allows remote attackers to execute arbitrary code by exploiting the Snort service via crafted SMB traffic. The vulnerability is due to a boundary error within the DCE/RPC preprocessor when reassembling SMB Write AndX requests, which may result a stack-based buffer overflow with a specially crafted packet sent on a network that is monitored by Snort. Vulnerable versions include Snort 2.6.1, 2.7 Beta 1 and SourceFire IDS 4.1, 4.5 and 4.6. Any host on the Snort network may be used as the remote host. The remote host does not need to be running the SMB service for the exploit to be successful. |
| id | MSF:EXPLOIT/MULTI/IDS/SNORT_DCE_RPC |
| last seen | 2020-03-09 |
| modified | 2017-07-24 |
| published | 2012-06-05 |
| references |
|
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/ids/snort_dce_rpc.rb |
| title | Snort 2 DCE/RPC Preprocessor Buffer Overflow |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200703-01.NASL description The remote host is affected by the vulnerability described in GLSA-200703-01 (Snort: Remote execution of arbitrary code) The Snort DCE/RPC preprocessor does not properly reassemble certain types of fragmented SMB and DCE/RPC packets. Impact : A remote attacker could send specially crafted fragmented SMB or DCE/RPC packets, without the need to finish the TCP handshake, that would trigger a stack-based buffer overflow while being reassembled. This could lead to the execution of arbitrary code with the permissions of the user running the Snort preprocessor. Workaround : Disable the DCE/RPC processor by commenting the last seen 2020-06-01 modified 2020-06-02 plugin id 24749 published 2007-03-02 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24749 title GLSA-200703-01 : Snort: Remote execution of arbitrary code code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200703-01. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(24749); script_version("1.20"); script_cvs_date("Date: 2019/08/02 13:32:43"); script_cve_id("CVE-2006-5276"); script_xref(name:"GLSA", value:"200703-01"); script_name(english:"GLSA-200703-01 : Snort: Remote execution of arbitrary code"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200703-01 (Snort: Remote execution of arbitrary code) The Snort DCE/RPC preprocessor does not properly reassemble certain types of fragmented SMB and DCE/RPC packets. Impact : A remote attacker could send specially crafted fragmented SMB or DCE/RPC packets, without the need to finish the TCP handshake, that would trigger a stack-based buffer overflow while being reassembled. This could lead to the execution of arbitrary code with the permissions of the user running the Snort preprocessor. Workaround : Disable the DCE/RPC processor by commenting the 'preprocessor dcerpc' section in /etc/snort/snort.conf ." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200703-01" ); script_set_attribute( attribute:"solution", value: "All Snort users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/snort-2.6.1.3'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Snort 2 DCE/RPC Preprocessor Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:snort"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/02/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/02"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-analyzer/snort", unaffected:make_list("ge 2.6.1.3"), vulnerable:make_list("lt 2.6.1.3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Snort"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_AFDF500FC1F611DB95C5000C6EC775D9.NASL description A IBM Internet Security Systems Protection Advisory reports : Snort is vulnerable to a stack-based buffer overflow as a result of DCE/RPC reassembly. This vulnerability is in a dynamic-preprocessor enabled in the default configuration, and the configuration for this preprocessor allows for auto-recognition of SMB traffic to perform reassembly on. No checks are performed to see if the traffic is part of a valid TCP session, and multiple Write AndX requests can be chained in the same TCP segment. As a result, an attacker can exploit this overflow with a single TCP PDU sent across a network monitored by Snort or Sourcefire. Snort users who cannot upgrade immediately are advised to disable the DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives from snort.conf and restarting Snort. However, be advised that disabling the DCE/RPC preprocessor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should re-enable the DCE/RPC preprocessor. last seen 2020-06-01 modified 2020-06-02 plugin id 24686 published 2007-02-22 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24686 title FreeBSD : snort -- DCE/RPC preprocessor vulnerability (afdf500f-c1f6-11db-95c5-000c6ec775d9) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(24686); script_version("1.23"); script_cvs_date("Date: 2019/08/02 13:32:39"); script_cve_id("CVE-2006-5276"); script_xref(name:"CERT", value:"196240"); script_name(english:"FreeBSD : snort -- DCE/RPC preprocessor vulnerability (afdf500f-c1f6-11db-95c5-000c6ec775d9)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "A IBM Internet Security Systems Protection Advisory reports : Snort is vulnerable to a stack-based buffer overflow as a result of DCE/RPC reassembly. This vulnerability is in a dynamic-preprocessor enabled in the default configuration, and the configuration for this preprocessor allows for auto-recognition of SMB traffic to perform reassembly on. No checks are performed to see if the traffic is part of a valid TCP session, and multiple Write AndX requests can be chained in the same TCP segment. As a result, an attacker can exploit this overflow with a single TCP PDU sent across a network monitored by Snort or Sourcefire. Snort users who cannot upgrade immediately are advised to disable the DCE/RPC preprocessor by removing the DCE/RPC preprocessor directives from snort.conf and restarting Snort. However, be advised that disabling the DCE/RPC preprocessor reduces detection capabilities for attacks in DCE/RPC traffic. After upgrading, customers should re-enable the DCE/RPC preprocessor." ); # http://xforce.iss.net/xforce/xfdb/31275 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?cddab8bb" ); # http://www.snort.org/docs/advisory-2007-02-19.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?24d71b61" ); # https://vuxml.freebsd.org/freebsd/afdf500f-c1f6-11db-95c5-000c6ec775d9.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?90a93074" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Snort 2 DCE/RPC Preprocessor Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:snort"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/19"); script_set_attribute(attribute:"patch_publication_date", value:"2007/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"snort>=2.6.1<2.6.1.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2007-2060.NASL description This build moves from manual linking to alternatives. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27749 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27749 title Fedora 7 : snort-2.7.0.1-3.fc7 (2007-2060) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-2060. # include("compat.inc"); if (description) { script_id(27749); script_version ("1.20"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_cve_id("CVE-2006-5276"); script_xref(name:"FEDORA", value:"2007-2060"); script_name(english:"Fedora 7 : snort-2.7.0.1-3.fc7 (2007-2060)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This build moves from manual linking to alternatives. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-September/003647.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?97f7ef15" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Snort 2 DCE/RPC Preprocessor Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:snort"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:snort-bloat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:snort-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:snort-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:snort-mysql+flexresp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:snort-plain+flexresp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:snort-postgresql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:snort-postgresql+flexresp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:snort-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:snort-snmp+flexresp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2007/09/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"snort-2.7.0.1-3.fc7")) flag++; if (rpm_check(release:"FC7", reference:"snort-bloat-2.7.0.1-3.fc7")) flag++; if (rpm_check(release:"FC7", reference:"snort-debuginfo-2.7.0.1-3.fc7")) flag++; if (rpm_check(release:"FC7", reference:"snort-mysql-2.7.0.1-3.fc7")) flag++; if (rpm_check(release:"FC7", reference:"snort-mysql+flexresp-2.7.0.1-3.fc7")) flag++; if (rpm_check(release:"FC7", reference:"snort-plain+flexresp-2.7.0.1-3.fc7")) flag++; if (rpm_check(release:"FC7", reference:"snort-postgresql-2.7.0.1-3.fc7")) flag++; if (rpm_check(release:"FC7", reference:"snort-postgresql+flexresp-2.7.0.1-3.fc7")) flag++; if (rpm_check(release:"FC7", reference:"snort-snmp-2.7.0.1-3.fc7")) flag++; if (rpm_check(release:"FC7", reference:"snort-snmp+flexresp-2.7.0.1-3.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "snort / snort-bloat / snort-debuginfo / snort-mysql / etc"); }
Packetstorm
data source https://packetstormsecurity.com/files/download/54632/snort-py.txt id PACKETSTORM:54632 last seen 2016-12-05 published 2007-02-24 reporter Trirat Puttaraksa source https://packetstormsecurity.com/files/54632/snort-py.txt.html title snort-py.txt data source https://packetstormsecurity.com/files/download/111677/snort_dce_rpc.rb.txt id PACKETSTORM:111677 last seen 2016-12-05 published 2012-04-10 reporter Neel Mehta source https://packetstormsecurity.com/files/111677/Snort-2-DCE-RPC-Preprocessor-Buffer-Overflow.html title Snort 2 DCE/RPC Preprocessor Buffer Overflow
Saint
| bid | 22616 |
| description | Snort DCE/RPC preprocessor buffer overflow |
| id | misc_snort |
| osvdb | 32094 |
| title | snort_dcerpc |
| type | remote |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:6573 |
| last seen | 2017-11-19 |
| modified | 2007-04-03 |
| published | 2007-04-03 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-6573 |
| title | Snort 2.6.1 DCE/RPC Preprocessor Remote Buffer Overflow Exploit (linux) |
References
- http://fedoranews.org/updates/FEDORA-2007-206.shtml
- http://iss.net/threats/257.html
- http://secunia.com/advisories/24190
- http://secunia.com/advisories/24235
- http://secunia.com/advisories/24239
- http://secunia.com/advisories/24240
- http://secunia.com/advisories/24272
- http://secunia.com/advisories/26746
- http://security.gentoo.org/glsa/glsa-200703-01.xml
- http://www.kb.cert.org/vuls/id/196240
- http://www.osvdb.org/32094
- http://www.securityfocus.com/archive/1/461810/100/0/threaded
- http://www.securityfocus.com/bid/22616
- http://www.securitytracker.com/id?1017669
- http://www.securitytracker.com/id?1017670
- http://www.snort.org/docs/advisory-2007-02-19.html
- http://www.us-cert.gov/cas/techalerts/TA07-050A.html
- http://www.vupen.com/english/advisories/2007/0656
- http://www.vupen.com/english/advisories/2007/0668
- http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf
- http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=540173
- https://bugzilla.redhat.com/show_bug.cgi?id=229265
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31275
- https://www.exploit-db.com/exploits/3362