search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets

Vulnerability Note VU#196240

Original Release Date: 2007-02-19 | Last Revised: 2008-01-30

Overview

A vulnerability in the Sourcefire Snort DCE/RPC preprocessor may allow a remote, unauthenticated attacker to execute arbitrary code.

Description

Sourcefire Snort is a widely-deployed, open-source network intrusion detection system (IDS). Snort and its components are used in other IDS products, notably Sourcefire, and Snort is included with a number of operating system distributions.

Snort preprocessors are modular plugins that extend functionality by operating on packets before the detection engine is run. The DCE/RPC preprocessor reassembles fragmented SMB and DCE/RPC packets so that Snort rules operate on a complete packet. The preprocessor does not properly reassemble SMB Write AndX commands, creating a stack buffer overflow vulnerability.

The DCE/RPC preprocessor is enabled by default and dynamically detects SMB traffic. An attacker does not have to complete a full TCP connection to exploit this vulnerability. According to ISS:
This vulnerability is in a dynamic-preprocessor enabled in the default configuration, and the configuration for this preprocessor allows for auto-recognition of SMB traffic to perform reassembly on. No checks are performed to see if the traffic is part of a valid TCP session, and multiple Write AndX requests can be chained in the same TCP segment. As a result, an attacker can exploit this overflow with a single TCP PDU sent across a network monitored by Snort or Sourcefire.
Note that this issue affects the following systems:

    • Snort 2.6.1, 2.6.1.1, and 2.6.1.2
    • Snort 2.7.0 beta 1
    • Sourcefire Intrusion Sensors versions 4.1.x, 4.5.x, and 4.6.x with SEUs prior to SEU 64
    • Sourcefire Intrusion Sensor Software for Crossbeam versions 4.1.x, 4.5.x and 4.6.x with SEUs prior to SEU 64
Exploit code for this vulnerability is publicly available.



This vulnerability occurred as a result of violating rule ARR33-C of the CERT Secure Coding Standard.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code with the privilege level of the Snort preprocessor. In most cases this would allow an attacker to compromise the system running Snort.

Solution

Upgrade
Sourcefire has released Snort 2.6.1.3 which is available from the Snort download site. See Snort document 2007-02-19 for more details. Sourcefire customers should see Sourcefire Support Login for more details on updates.

Disable the preprocessor


Disable the DCE/RPC preprocessor (dcerpc) by removing the DCE/RPC preprocessor directives from the configuration file (often /etc/snort.conf or user.conf). Note that disabling this preprocessor may allow fragmented attacks to evade the Snort sensor. See Sourcefire Advisory 2007-02-19 for more details.

Vendor Information

196240
 
Affected   Unknown   Unaffected

Gentoo Linux

Notified:  February 19, 2007 Updated:  March 12, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Linux Gentoo Security Advisory glsa-200703-01.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nortel Networks, Inc.

Notified:  February 19, 2007 Updated:  February 21, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=540173

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Snort

Notified:  February 17, 2007 Updated:  February 19, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Snort document 2007-02-19.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sourcefire

Notified:  February 17, 2007 Updated:  February 19, 2007

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Apple Computer, Inc.

Notified:  February 19, 2007 Updated:  February 22, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cisco Systems, Inc.

Notified:  February 19, 2007 Updated:  February 20, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

F5 Networks, Inc.

Notified:  February 19, 2007 Updated:  February 23, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Force10 Networks, Inc.

Notified:  February 19, 2007 Updated:  March 22, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Foundry Networks, Inc.

Notified:  February 19, 2007 Updated:  January 30, 2008

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Intel Corporation

Notified:  February 19, 2007 Updated:  February 20, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Internet Security Systems, Inc.

Notified:  February 19, 2007 Updated:  February 20, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Intoto

Notified:  February 19, 2007 Updated:  February 20, 2007

Status

  Not Vulnerable

Vendor Statement

Intoto products are not vulnerable to the possible exploit documented in this vulnerability note, as they do not use Snort or Sourcefile Intrusion Sensor Software as its component.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Juniper Networks, Inc.

Notified:  February 19, 2007 Updated:  February 22, 2007

Status

  Not Vulnerable

Vendor Statement

Juniper Networks products are not susceptible to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NetBSD

Notified:  February 19, 2007 Updated:  February 20, 2007

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Openwall GNU/*/Linux

Notified:  February 19, 2007 Updated:  February 20, 2007

Status

  Not Vulnerable

Vendor Statement

Openwall GNU/*/Linux is not vulnerable. We do not package Snort.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Red Hat, Inc.

Notified:  February 19, 2007 Updated:  February 21, 2007

Status

  Not Vulnerable

Vendor Statement

Not vulnerable. Snort is not shipped in any Red Hat product.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

3com, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

AT&T

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Alcatel

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avaya, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avici Systems, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Borderware Technologies

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Charlotte's Web Networks

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Check Point Software Technologies

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Chiaro Networks, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Clavister

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Computer Associates

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Conectiva Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cray Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

D-Link Systems, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Data Connection, Ltd.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

EMC, Inc. (formerly Data General Corporation)

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Engarde Secure Linux

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ericsson

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Extreme Networks

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fedora Project

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fortinet, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

FreeBSD, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fujitsu

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Global Technology Associates

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hewlett-Packard Company

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hitachi

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hyperchip

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation (zseries)

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM eServer

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IP Filter

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Immunix Communications, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ingrian Networks, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Linksys (A division of Cisco Systems)

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Lucent Technologies

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Luminous Networks

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Mandriva, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Microsoft Corporation

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

MontaVista Software, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multinet (owned Process Software Corporation)

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multitech, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NEC Corporation

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Network Appliance, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NextHop Technologies, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nokia

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Novell, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

OpenBSD

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

QNX, Software Systems, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Redback Networks, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Riverstone Networks, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

SUSE Linux

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secure Computing Network Security Division

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secureworx, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Silicon Graphics, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Slackware Linux Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sony Corporation

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Stonesoft

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sun Microsystems, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Symantec, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

The SCO Group

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Trustix Secure Linux

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Turbolinux

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ubuntu

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Unisys

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Watchguard Technologies, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Wind River Systems, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

ZyXEL

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

eSoft, Inc.

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

netfilter

Notified:  February 19, 2007 Updated:  February 19, 2007

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

This vulnerability was reported and researched by Neel Mehta from IBM ISS X-Force.

This document was written by Chris Taschner and Art Manion.

Other Information

CVE IDs: CVE-2006-5276
Severity Metric: 23.63
Date Public: 2007-02-19
Date First Published: 2007-02-19
Date Last Updated: 2008-01-30 20:45 UTC
Document Revision: 44

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.