CVE-2003-0033 : Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 all

Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets.

Published 2003-03-07 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2003-0033

Snort » Snort » Version: 1.8.1
cpe:2.3:a:snort:snort:1.8.1:*:*:*:*:*:*:*
Matching versions
Snort » Snort » Version: 1.8.2
cpe:2.3:a:snort:snort:1.8.2:*:*:*:*:*:*:*
Matching versions
Snort » Snort » Version: 1.8.0
cpe:2.3:a:snort:snort:1.8.0:*:*:*:*:*:*:*
Matching versions
Snort » Snort » Version: 1.8.7
cpe:2.3:a:snort:snort:1.8.7:*:*:*:*:*:*:*
Matching versions
Snort » Snort » Version: 1.9.0
cpe:2.3:a:snort:snort:1.9.0:*:*:*:*:*:*:*
Matching versions
Snort » Snort » Version: 1.8.5
cpe:2.3:a:snort:snort:1.8.5:*:*:*:*:*:*:*
Matching versions
Snort » Snort » Version: 1.8.6
cpe:2.3:a:snort:snort:1.8.6:*:*:*:*:*:*:*
Matching versions
Snort » Snort » Version: 1.8.3
cpe:2.3:a:snort:snort:1.8.3:*:*:*:*:*:*:*
Matching versions
Snort » Snort » Version: 1.8.4
cpe:2.3:a:snort:snort:1.8.4:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2003-0033

EPSS FAQ

51.59%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2003-0033

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2003-0033

http://www.debian.org/security/2003/dsa-297

Debian -- The Universal Operating System

CVEs referencing this url
http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html

Stay Vigilant with Timely Linux Security Advisories - Page 1
http://www.iss.net/security_center/static/10956.php

Patch;Vendor Advisory
http://www.cert.org/advisories/CA-2003-13.html

2003 CERT Advisories
US Government Resource

CVEs referencing this url
http://marc.info/?l=bugtraq&m=105154530427824&w=2

'GLSA: snort (200304-06)' - MARC

CVEs referencing this url
http://www.kb.cert.org/vuls/id/916785

VU#916785 - Buffer overflow in Snort RPC preprocessor
Third Party Advisory;US Government Resource
http://marc.info/?l=bugtraq&m=104716001503409&w=2
http://www.securityfocus.com/bid/6963

Patch;Vendor Advisory
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:029
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951

Patch;Vendor Advisory
http://www.osvdb.org/4418
http://marc.info/?l=bugtraq&m=104673386226064&w=2

'Snort RPC Vulnerability (fwd)' - MARC

Jump to

Vulnerability Details : CVE-2003-0033

Products affected by CVE-2003-0033

Exploit prediction scoring system (EPSS) score for CVE-2003-0033

CVSS scores for CVE-2003-0033

References for CVE-2003-0033