Snort Back Orifice Pre-Processor buffer overflow

Added: 08/28/2007
CVE: CVE-2005-3252
BID: 15131
OSVDB: 20034

Background

Back Orifice is a remote system administration program for Windows. It is commonly installed by attackers or Trojan horse programs for use as a backdoor.

Snort is an open-source intrusion detection system. It includes a Back Orifice pre-processor, which handles Back Orifice traffic before it is passed to the intrusion detection engine.

Problem

A buffer overflow vulnerability in the Back Orifice pre-processor in Snort could allow remote attackers to execute arbitrary commands by sending a specially crafted Back Orifice ping to a host on a network monitored by Snort.

Resolution

Upgrade to Snort 2.4.3 or higher.

References

http://www.kb.cert.org/vuls/id/175500

Limitations

Exploit works on Snort 2.4.2 on Windows and Red Hat 8.

Platforms

Windows 2000
Windows XP SP0 / Windows XP SP1
Windows XP SP2 / Windows XP
Windows Server 2003 SP0
Windows Server 2003 SP1
Windows Server 2003 SP2 / Windows Server 2003
Linux
