CVE-2006-6931
EPSS 4.7%Published: 1/16/2007Modified: 6/30/2024
Description
Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack."
Affected packages (1)
- Debian/snortfrom 0, < 2.7.0-1
References (17)
- ADVISORYhttp://secunia.com/advisories/23716
- ADVISORYhttp://secunia.com/advisories/24164
- ADVISORYhttp://secunia.com/advisories/24338
- ADVISORYhttp://security.gentoo.org/glsa/glsa-200702-03.xml
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-6931
- ADVISORYhttp://www.acsac.org/2006/papers/54.pdf
- ADVISORYhttp://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf
- ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:051
- WEBhttp://lists.immunitysec.com/pipermail/dailydave/2007-January/003954.html
- WEBhttp://securitytracker.com/id?1017508
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/31430
- WEBhttp://www.acsac.org/2006/abstracts/54.html
- WEBhttp://www.acsac.org/2006/advance_program.html
- WEBhttp://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip
- WEBhttp://www.osvdb.org/32096
- WEBhttp://www.securityfocus.com/bid/21991
- WEBhttp://www.snort.org/pub-bin/snortnews.cgi