MidnightBSD

Advisories for sourcefire

CVE-2003-0209 HIGH

Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sourcefire snort 1.8.3
sourcefire snort 1.8.6
smoothwall smoothwall 2.0_beta_4
sourcefire snort 1.8.2
sourcefire snort 1.8.7
sourcefire snort 1.8.5
sourcefire snort 1.9.1
sourcefire snort 1.9
sourcefire snort 1.8.1
sourcefire snort 1.8
sourcefire snort 1.8.4
CVE-2004-2652 HIGH

The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sourcefire snort 2.2
sourcefire snort 2.1.0
sourcefire snort 2.1.3
sourcefire snort 2.1.1_rc1
CVE-2005-3252 HIGH

Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sourcefire snort 2.4.2
sourcefire snort 2.4.0
sourcefire snort 2.4.1
CVE-2006-0839 MEDIUM

The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sourcefire snort 2.4.3
CVE-2006-2769 MEDIUM

The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sourcefire snort 2.4.3
sourcefire snort 2.4.2
sourcefire snort 2.4
sourcefire snort 2.4.4
sourcefire snort 2.4.1
CVE-2010-2306 MEDIUM

The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
sourcefire 3d9900 *
sourcefire 3d1000 *
sourcefire dc1000 *
sourcefire 3d2000 *