Vulnerability Details : CVE-2008-1804
preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment.
Products affected by CVE-2008-1804
- cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1804
- 2.39%: Probability of exploitation activity in the next 30 days
- ~90%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-1804
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
References for CVE-2008-1804
- http://cvs.snort.org/viewcvs.cgi/snort/ChangeLog?rev=1.534.2.11
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00167.html
  [SECURITY] Fedora 8 Update: snort-2.8.1-3.fc8
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=701
- http://www.vupen.com/english/advisories/2008/1602
- http://www.securityfocus.com/bid/29327
- http://securitytracker.com/id?1020081
- http://www.ipcop.org/index.php?name=News&file=article&sid=40
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00156.html
  [SECURITY] Fedora 9 Update: snort-2.8.1-3.fc9
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00198.html
  [SECURITY] Fedora 7 Update: snort-2.8.1-3.fc7
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42584
  Snort TTL security bypass CVE-2008-1804 Vulnerability Report
- http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h