Vulnerabilities > CVE-2009-3641 - Denial Of Service vulnerability in Snort

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
snort
nessus
exploit available

Summary

Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol.

Exploit-Db

  • description: Snort 2.8.5 Multiple Denial Of Service Vulnerabilities. CVE-2009-3641. DoS exploit for Linux platform
    id: EDB-ID:33306
    last seen: 2016-02-03
    modified: 2009-10-22
    published: 2009-10-22
    reporter: laurent gaffie
    source: https://www.exploit-db.com/download/33306/
    title: Snort 2.8.5 - Multiple Denial Of Service Vulnerabilities
  • description: Snort. CVE-2009-3641. DoS exploits for multiple platforms
    id: EDB-ID:9969
    last seen: 2016-02-01
    modified: 2009-10-23
    published: 2009-10-23
    reporter: laurent gaffie
    source: https://www.exploit-db.com/download/9969/
    title: Snort <= 2.8.5 - IPv6 DoS

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-10751.NASL
    description: Update to 2.8.5.1, which includes a fix for CVE-2009-3641: DoS (crash) while printing a specially crafted IPv6 packet using the -v option. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42881
    published: 2009-11-25
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/42881
    title: Fedora 10 : snort-2.8.5.1-1.fc10 (2009-10751)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-10751.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, the plugin only records the
    # metadata below and then exits (exit(0) at the end of this block), so none
    # of the host checks further down run in this mode.
    if (description)
    {
      script_id(42881);
      script_version("1.21");
      script_cvs_date("Date: 2019/08/02 13:32:29");
    
      # Cross-references used to correlate this finding with other sources:
      # the CVE, the Bugtraq ID and the Fedora advisory number.
      script_cve_id("CVE-2009-3641");
      script_bugtraq_id(36795);
      script_xref(name:"FEDORA", value:"2009-10751");
    
      script_name(english:"Fedora 10 : snort-2.8.5.1-1.fc10 (2009-10751)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # Advisory text, copied from the Fedora advisory. It ties the crash to
      # packet printing with the -v option; that runtime condition is stated
      # here only as text and is not something the metadata can verify.
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 2.8.5.1 which includes a fix for CVE-2009-3641 DoS (crash)
    while printing specially crafted IPv6 packet using the -v option
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=530863"
      );
      # The second reference is a shortened link; the comment line below
      # presumably records its target (the package-announce post) - confirm.
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-November/031304.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7cb0871c"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected snort package.");
      # CVSS v2 base vector: network attack vector, medium access complexity,
      # no authentication, and a partial availability impact only (C:N/I:N/A:P).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      # CVSS v2 temporal vector: proof-of-concept exploit code (E:POC), an
      # official fix (RL:OF) and a confirmed report (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # "local": the finding is derived from host-side data (see the required
      # KB keys below) rather than from probing the service over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:snort");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/10/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # ssh_get_info.nasl presumably populates the Host/* KB entries listed
      # in script_require_keys (local-checks flag, release string, rpm list) -
      # confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      # End of the registration pass; nothing below runs in this mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host-side package check for the snort update on Fedora 10.
    #
    # Every guard below hands control to audit() when a precondition is missing;
    # audit() comes from audit.inc (not shown here) and is expected to end the
    # plugin run, so later steps work on validated data only.
    #
    # Scope of the result: this is a comparison against the rpm list gathered
    # from the host. It does not look at how snort is started, so it cannot tell
    # whether the -v option named in the plugin's description text is in use.
    # Hosts on architectures other than x86_64 / i386-i686 are not evaluated.

    # Local checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The release string must identify Fedora.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
    {
      audit(AUDIT_OS_NOT, "Fedora");
    }

    # Extract the numeric release and require it to be exactly 10.
    ver_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(ver_match))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    }
    os_ver = ver_match[1];
    if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver);
    }

    # Without a collected package list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Only x86_64 and i386..i686 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    }

    # rpm_check() (rpm.inc, not shown) is expected to return true when the
    # installed snort package is older than the reference build.
    if (rpm_check(release:"FC10", reference:"snort-2.8.5.1-1.fc10"))
    {
      # Vulnerable package found: report it, with package detail when the
      # scan verbosity allows, then stop.
      if (report_verbosity > 0)
      {
        security_warning(port:0, extra:rpm_report_get());
      }
      else
      {
        security_warning(0);
      }
      exit(0);
    }

    # Not flagged: say whether snort was examined and found unaffected, or was
    # never seen in the package list at all.
    checked = pkg_tests_get();
    if (checked)
    {
      audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
    }
    else
    {
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "snort");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-10783.NASL
    description: Update to 2.8.5.1, which includes a fix for CVE-2009-3641: DoS (crash) while printing a specially crafted IPv6 packet using the -v option. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42882
    published: 2009-11-25
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/42882
    title: Fedora 11 : snort-2.8.5.1-1.fc11 (2009-10783)