Snort Back Orifice Pre-Processor buffer overflow

Added: 08/28/2007
CVE: CVE-2005-3252
BID: 15131
OSVDB: 20034


Back Orifice is a remote system administration program for Windows. It is commonly installed by attackers or Trojan Horse programs for use as a backdoor.

Snort is an open-source intrusion detection system. It includes a Back Orifice pre-processor, which handles Back Orifice traffic before it is passed to the intrusion detection engine.


A buffer overflow vulnerability in the Back Orifice pre-processor in Snort could allow remote attackers to execute arbitrary commands by sending a specially crafted Back Orifice ping to a host on a network monitored by Snort.


Upgrade to Snort 2.4.3 or higher.
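The following added example (not part of the original advisory) audits one sensor against the resolution above: it reads the version from `snort -V` style output and checks whether the Back Orifice pre-processor is enabled in the configuration. The `preprocessor bo` directive name, the banner layout, the sample inputs and the result labels are assumptions; the only threshold used is the fixed version given on this page.

```python
import re

FIXED = (2, 4, 3)  # first fixed release, per the advisory's resolution

# Constructed sample inputs (not captured from a real sensor).
SAMPLE_BANNER = """   ,,_     -*> Snort! <*-
  o"  )~   Version 2.4.2 (Build 25)
"""
SAMPLE_CONF = """# constructed snort.conf excerpt
preprocessor frag3_global
  preprocessor bo
# preprocessor bo: noalert { client }
"""

def parse_version(banner):
    """Extract the numeric version tuple from `snort -V` style output."""
    m = re.search(r"Version\s+(\d+(?:\.\d+)+)", banner)
    if not m:
        raise ValueError("no Snort version found in banner")
    return tuple(int(p) for p in m.group(1).split("."))

def needs_upgrade(version):
    """True when the version is below the fixed release (zero-padded compare)."""
    width = max(len(version), len(FIXED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(FIXED)

def bo_enabled(conf_text):
    """True when an uncommented `preprocessor bo` directive is present."""
    for line in conf_text.splitlines():
        active = line.split("#", 1)[0].strip()  # drop comments
        if re.match(r"preprocessor\s+bo\s*(:.*)?$", active):
            return True
    return False

def audit(banner, conf_text):
    """Return a finding label (hypothetical names) for one sensor."""
    version = parse_version(banner)
    if not needs_upgrade(version):
        return "ok"
    return "exposed" if bo_enabled(conf_text) else "upgrade-pending"

if __name__ == "__main__":
    print(audit(SAMPLE_BANNER, SAMPLE_CONF))
```
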



The exploit works against Snort 2.4.2 on Windows and Red Hat 8.


Windows 2000
Windows XP SP0 / Windows XP SP1
Windows XP SP2 / Windows XP
Windows Server 2003 SP0
Windows Server 2003 SP1
Windows Server 2003 SP2 / Windows Server 2003
