Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-1804

preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment.

Related bugs and status

CVE-2008-1804 (Candidate) is related to these bugs:

Bug #235901: [CVE-2008-1804] Snort IP fragment TTL evasion vulnerability

		In	Importance	Status
235901	[CVE-2008-1804] Snort IP fragment TTL evasion vulnerability	snort (Ubuntu)	Low	Fix Released
235901	[CVE-2008-1804] Snort IP fragment TTL evasion vulnerability	snort (Ubuntu Gutsy)	Undecided	Won't Fix
235901	[CVE-2008-1804] Snort IP fragment TTL evasion vulnerability	snort (Ubuntu Hardy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

IDEFENSE: 20080521 Multiple Vend...
CONFIRM: http://cvs.snort.org/v...
BID: 29327
SECTRACK: 1020081
SECUNIA: 30348
SECUNIA: 31204
FEDORA: FEDORA-2008-4986
FEDORA: FEDORA-2008-5001
FEDORA: FEDORA-2008-5045
SECUNIA: 30563
VUPEN: ADV-2008-1602
CONFIRM: http://cvs.snort.org/v...
CONFIRM: http://www.ipcop.org/i...
XF: snort-ttl-security-byp...