Vulnerabilities > CVE-2009-3641 - Denial Of Service vulnerability in Snort
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol.
Vulnerable Configurations
Exploit-Db
description Snort 2.8.5 Multiple Denial Of Service Vulnerabilities. CVE-2009-3641 . Dos exploit for linux platform id EDB-ID:33306 last seen 2016-02-03 modified 2009-10-22 published 2009-10-22 reporter laurent gaffie source https://www.exploit-db.com/download/33306/ title Snort 2.8.5 - Multiple Denial Of Service Vulnerabilities description Snort. CVE-2009-3641. Dos exploits for multiple platform id EDB-ID:9969 last seen 2016-02-01 modified 2009-10-23 published 2009-10-23 reporter laurent gaffie source https://www.exploit-db.com/download/9969/ title Snort <= 2.8.5 - IPv6 DoS
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2009-10751.NASL description Update to 2.8.5.1 which includes a fix for CVE-2009-3641 DoS (crash) while printing specially crafted IPv6 packet using the -v option Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 42881 published 2009-11-25 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42881 title Fedora 10 : snort-2.8.5.1-1.fc10 (2009-10751) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2009-10751. # include("compat.inc"); if (description) { script_id(42881); script_version("1.21"); script_cvs_date("Date: 2019/08/02 13:32:29"); script_cve_id("CVE-2009-3641"); script_bugtraq_id(36795); script_xref(name:"FEDORA", value:"2009-10751"); script_name(english:"Fedora 10 : snort-2.8.5.1-1.fc10 (2009-10751)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to 2.8.5.1 which includes a fix for CVE-2009-3641 DoS (crash) while printing specially crafted IPv6 packet using the -v option Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=530863" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-November/031304.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7cb0871c" ); script_set_attribute(attribute:"solution", value:"Update the affected snort package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:snort"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10"); script_set_attribute(attribute:"patch_publication_date", value:"2009/10/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC10", reference:"snort-2.8.5.1-1.fc10")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "snort"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2009-10783.NASL description Update to 2.8.5.1 which includes a fix for CVE-2009-3641 DoS (crash) while printing specially crafted IPv6 packet using the -v option Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 42882 published 2009-11-25 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42882 title Fedora 11 : snort-2.8.5.1-1.fc11 (2009-10783)
References
- http://dl.snort.org/snort-current/release_notes_2851.txt
- http://marc.info/?l=oss-security&m=125649553414700&w=2
- http://seclists.org/fulldisclosure/2009/Oct/299
- http://secunia.com/advisories/37135
- http://securitytracker.com/id?1023076
- http://vrt-sourcefire.blogspot.com/2009/10/snort-2851-release.html
- http://www.openwall.com/lists/oss-security/2009/10/25/5
- http://www.osvdb.org/59159
- http://www.securityfocus.com/bid/36795
- http://www.vupen.com/english/advisories/2009/3014
- https://bugzilla.redhat.com/show_bug.cgi?id=530863
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53912