CVE-2008-1804

Published: May 22, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

snort-ttl-security-bypass(42584)

vdb-entry

x_refsource_XF

http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h

x_refsource_CONFIRM

FEDORA-2008-4986

vendor-advisory

x_refsource_FEDORA

1020081

vdb-entry

x_refsource_SECTRACK

ADV-2008-1602

vdb-entry

x_refsource_VUPEN

FEDORA-2008-5001

vendor-advisory

x_refsource_FEDORA

30348

third-party-advisory

x_refsource_SECUNIA

http://www.ipcop.org/index.php?name=News&file=article&sid=40

x_refsource_CONFIRM

29327

vdb-entry

x_refsource_BID

20080521 Multiple Vendor Snort IP Fragment TTL Evasion Vulnerability

third-party-advisory

x_refsource_IDEFENSE

http://cvs.snort.org/viewcvs.cgi/snort/ChangeLog?rev=1.534.2.11

x_refsource_CONFIRM

FEDORA-2008-5045

vendor-advisory

x_refsource_FEDORA

31204

third-party-advisory

x_refsource_SECUNIA

30563

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2008-1804

Description

Affected Products

References