CVE-2006-5276

Current Description

Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic.

Evaluator Description

All affected Sourcefire Intrustion Sensor products are only vulnerable if they are used with SEUs prior to SEU 64.

Evaluator Solution

Upgrade to the latest version of Snort (2.6.1.3 or later), available from the Snort Web site.

Basic Data

Published	February 20, 2007
Last Modified	October 17, 2018
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	NVD-CWE-Other
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	COMPLETE
CVSS 2 - Availability Impact	COMPLETE
CVSS 2 - Base Score	10.0
Severity	HIGH
Exploitability Score	10.0
Impact Score	10.0
Obtain All Privilege	true
Obtain User Privilege	false
Obtain Other Privilege	false

Base Metric V3

No data provided.

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other	Version End Including
2.3	Application	Snort	Snort	2.6.1	*	*	*	*	*	*	*
2.3	Application	Snort	Snort	2.6.1.1	*	*	*	*	*	*	*
2.3	Application	Snort	Snort	*	*	*	*	*	*	*	*	2.6.1.2
2.3	Application	Snort	Snort	2.7_beta1	*	*	*	*	*	*	*
2.3	Application	Sourcefire	Intrusion Sensor	4.1	*	*	*	*	*	*	*
2.3	Application	Sourcefire	Intrusion Sensor	4.1	*	crossbeam	*	*	*	*	*
2.3	Application	Sourcefire	Intrusion Sensor	4.5	*	*	*	*	*	*	*
2.3	Application	Sourcefire	Intrusion Sensor	4.5	*	crossbeam	*	*	*	*	*
2.3	Application	Sourcefire	Intrusion Sensor	4.6	*	*	*	*	*	*	*
2.3	Application	Sourcefire	Intrusion Sensor	4.6	*	crossbeam	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Snort	Snort	*, 2.6.1, 2.6.1.1, 2.7_beta1
Sourcefire	Intrusion Sensor	4.1, 4.5, 4.6

References

Name	Source	URL	Tags
FEDORA-2007-2060	http://fedoranews.org/updates/FEDORA-2007-206.shtml	FEDORA
20070219 Sourcefire Snort Remote Buffer Overflow	http://iss.net/threats/257.html	ISS	Vendor Advisory
24190	http://secunia.com/advisories/24190	SECUNIA
24235	http://secunia.com/advisories/24235	SECUNIA
24239	http://secunia.com/advisories/24239	SECUNIA
24240	http://secunia.com/advisories/24240	SECUNIA
24272	http://secunia.com/advisories/24272	SECUNIA
26746	http://secunia.com/advisories/26746	SECUNIA
GLSA-200703-01	http://security.gentoo.org/glsa/glsa-200703-01.xml	GENTOO
VU#196240	http://www.kb.cert.org/vuls/id/196240	CERT-VN	US Government Resource
32094	http://www.osvdb.org/32094	OSVDB
20070303 ERRATA: [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code	http://www.securityfocus.com/archive/1/461810/100/0/threaded	BUGTRAQ
22616	http://www.securityfocus.com/bid/22616	BID
1017669	http://www.securitytracker.com/id?1017669	SECTRACK
1017670	http://www.securitytracker.com/id?1017670	SECTRACK
http://www.snort.org/docs/advisory-2007-02-19.html	http://www.snort.org/docs/advisory-2007-02-19.html	CONFIRM	Vendor Advisory
TA07-050A	http://www.us-cert.gov/cas/techalerts/TA07-050A.html	CERT	Third Party Advisory US Government Resource
ADV-2007-0656	http://www.vupen.com/english/advisories/2007/0656	VUPEN
ADV-2007-0668	http://www.vupen.com/english/advisories/2007/0668	VUPEN
http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf	http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf	CONFIRM
http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=540173	http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=540173	CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=229265	https://bugzilla.redhat.com/show_bug.cgi?id=229265	MISC
smb-bo(31275)	https://exchange.xforce.ibmcloud.com/vulnerabilities/31275	XF
3362	https://www.exploit-db.com/exploits/3362	EXPLOIT-DB