APP: Malformed Packet Exploit
This signature detects attempts to exploit a known vulnerability in Snort 1.9.1 and earlier versions. Attackers can exploit Snort RPC validation to generate a shell that runs with Snort user privileges (typically root), possibly creating a denial-of-service condition, or executing arbitrary code.
Extended Description
A vulnerability in the Snort network IDS has been discovered that may allow for remote attackers to compromise hosts using the system. The vulnerability is due to a programmatic flaw in the RPC preprocessor. This preprocessor is enabled by default. Successful attacks may result in the execution of instructions on the IDS system with root privileges.
Affected Products
Snort_project snort
References
BugTraq: 6963
CVE: CVE-2003-0033
URL: http://www.linuxsecurity.com/content/view/113539/65/ http://www.ciac.org/ciac/bulletins/n-049.shtml
Short Name
APP:SNORT:GARBAGE-PACKET
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CA-2003-13 CVE-2003-0033 Exploit Malformed Packet bid:6963
Release Date
05/15/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Smoothwall
Snort_project
CVSS Score
10.0