Source: snort
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for snort.

These all lack details, but all boil down to the fact Snort needs
to be updated:

CVE-2020-3315[0]:
| Multiple Cisco products are affected by a vulnerability in the Snort
| detection engine that could allow an unauthenticated, remote attacker
| to bypass the configured file policies on an affected system. The
| vulnerability is due to errors in how the Snort detection engine
| handles specific HTTP responses. An attacker could exploit this
| vulnerability by sending crafted HTTP packets that would flow through
| an affected system. A successful exploit could allow the attacker to
| bypass the configured file policies and deliver a malicious payload to
| the protected network.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort_filepolbypass-m4X5DgOP

CVE-2021-1223[1]:
| Multiple Cisco products are affected by a vulnerability in the Snort
| detection engine that could allow an unauthenticated, remote attacker
| to bypass a configured file policy for HTTP. The vulnerability is due
| to incorrect handling of an HTTP range header. An attacker could
| exploit this vulnerability by sending crafted HTTP packets through an
| affected device. A successful exploit could allow the attacker to
| bypass configured file policy for HTTP packets and deliver a malicious
| payload.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-filepolbypass-67DEwMe2

CVE-2021-1224[2]:
| Multiple Cisco products are affected by a vulnerability with TCP Fast
| Open (TFO) when used in conjunction with the Snort detection engine
| that could allow an unauthenticated, remote attacker to bypass a
| configured file policy for HTTP. The vulnerability is due to incorrect
| detection of the HTTP payload if it is contained at least partially
| within the TFO connection handshake. An attacker could exploit this
| vulnerability by sending crafted TFO packets with an HTTP payload
| through an affected device. A successful exploit could allow the
| attacker to bypass configured file policy for HTTP packets and deliver
| a malicious payload.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes

CVE-2021-1494[3]:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc

CVE-2021-1495[4]:
| Multiple Cisco products are affected by a vulnerability in the Snort
| detection engine that could allow an unauthenticated, remote attacker
| to bypass a configured file policy for HTTP. The vulnerability is due
| to incorrect handling of specific HTTP header parameters. An attacker
| could exploit this vulnerability by sending crafted HTTP packets
| through an affected device. A successful exploit could allow the
| attacker to bypass a configured file policy for HTTP packets and
| deliver a malicious payload.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc

CVE-2021-34749[5]:
| A vulnerability in Server Name Identification (SNI) request filtering
| of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense
| (FTD), and the Snort detection engine could allow an unauthenticated,
| remote attacker to bypass filtering technology on an affected device
| and exfiltrate data from a compromised host. This vulnerability is due
| to inadequate filtering of the SSL handshake. An attacker could
| exploit this vulnerability by using data from the SSL client hello
| packet to communicate with an external server. A successful exploit
| could allow the attacker to execute a command-and-control attack on a
| compromised host and perform additional data exfiltration attacks.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN

CVE-2021-40114[6]:
| Multiple Cisco products are affected by a vulnerability in the way the
| Snort detection engine processes ICMP traffic that could allow an
| unauthenticated, remote attacker to cause a denial of service (DoS)
| condition on an affected device. The vulnerability is due to improper
| memory resource management while the Snort detection engine is
| processing ICMP packets. An attacker could exploit this vulnerability
| by sending a series of ICMP packets through an affected device. A
| successful exploit could allow the attacker to exhaust resources on
| the affected device, causing the device to reload.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-3315
    https://www.cve.org/CVERecord?id=CVE-2020-3315
[1] https://security-tracker.debian.org/tracker/CVE-2021-1223
    https://www.cve.org/CVERecord?id=CVE-2021-1223
[2] https://security-tracker.debian.org/tracker/CVE-2021-1224
    https://www.cve.org/CVERecord?id=CVE-2021-1224
[3] https://security-tracker.debian.org/tracker/CVE-2021-1494
    https://www.cve.org/CVERecord?id=CVE-2021-1494
[4] https://security-tracker.debian.org/tracker/CVE-2021-1495
    https://www.cve.org/CVERecord?id=CVE-2021-1495
[5] https://security-tracker.debian.org/tracker/CVE-2021-34749
    https://www.cve.org/CVERecord?id=CVE-2021-34749
[6] https://security-tracker.debian.org/tracker/CVE-2021-40114
    https://www.cve.org/CVERecord?id=CVE-2021-40114

Please adjust the affected versions in the BTS as needed.
