>
>
> TITLE:
> Snort frag3 Preprocessor Packet Reassembly Vulnerability
>
> SECUNIA ADVISORY ID:
> SA18959
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> Security Bypass
>
> WHERE:
> From remote
>
> SOFTWARE:
> Snort 2.4.x
>
>
> DESCRIPTION:
> siouxsie has reported a vulnerability in Snort, which potentially can
> be exploited by malicious people to bypass certain security
> restrictions.
>
> The vulnerability is caused due to an error in the frag3 preprocessor
> which causes snort to skip "ip_option_length" bytes from the end of
> the IP options when reassembling a packet. This can potentially be
> exploited to bypass signature detection via certain specially-crafted
> fragmented packets.
>
> The vulnerability has been reported in version 2.4.3. Other versions
> may also be affected.
>
> SOLUTION:
> Filter potentially malicious fragmented IP packets with a firewall.
>
> PROVIDED AND/OR DISCOVERED BY:
> siouxsie
>
> ----------------------------------------------------------------------
