SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Cisco Snort Vendors:   snort.org
Snort Lets Remote Users Bypass 'uricontent' Rules
SecurityTracker Alert ID:  1016191
SecurityTracker URL:  http://securitytracker.com/id/1016191
CVE Reference:   CVE-2006-2769   (Links to External Site)
Updated:  Jun 6 2006
Original Entry Date:  May 31 2006
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.4.4 and prior versions
Description:   A vulnerability was reported in Snort. A remote user can bypass 'uricontent' rules to evade detection.

A remote user can send a specially crafted URL that is appended with a carriage return (directly before the HTTP protocol declaration) to bypass detection of "uricontent" rules.

Thousands of rules in the standard Snort base rule sets are affected.

This vulnerability is being actively exploited.

Blake Hartstein of the Demarc Threat Research Team discovered this vulnerability.

The original advisory is available at:

http://www.demarc.com/support/downloads/patch_20060531

Impact:   A remote user can bypass 'uricontent' rules to evade detection.
Solution:   The vendor has issued fixed versions (2.4.5 and 2.6.0).
Vendor URL:  www.snort.org/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC