Vulnerability CVE-2006-5276 - CERT Civis.Net

Vulnerability Name:

CVE-2006-5276 (CCN-31275)

Assigned:

2006-10-13

Published:

2007-02-19

Updated:

2018-10-17

Summary:

Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic.
All affected Sourcefire Intrustion Sensor products are only vulnerable if they are used with SEUs prior to SEU 64.
Upgrade to the latest version of Snort (2.6.1.3 or later), available from the Snort Web site.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2006-5276

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-2060

Source: CCN
Type: IBM Internet Security Systems Protection Advisory - Feb 19, 2007
Sourcefire Snort Remote Buffer Overflow

Source: ISS
Type: Vendor Advisory
20070219 Sourcefire Snort Remote Buffer Overflow

Source: CCN
Type: SA24190
Snort DCE/RPC Preprocessor Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
24190

Source: CCN
Type: SA24235
Sourcefire Intrusion Sensor DCE/RPC Preprocessor Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
24235

Source: CCN
Type: SA24239
Nortel Threat Protection System DCE/RPC Preprocessor Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
24239

Source: CCN
Type: SA24240
Nortel Threat Protection System DCE/RPC Preprocessor Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
24240

Source: SECUNIA
Type: UNKNOWN
24272

Source: SECUNIA
Type: UNKNOWN
26746

Source: GENTOO
Type: UNKNOWN
GLSA-200703-01

Source: CCN
Type: SECTRACK ID: 1017669
Snort Buffer Overflow in DCE/RPC Preprocessor Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1017670
Sourcefire Intrusion Sensor Buffer Overflow in DCE/RPC Preprocessor Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: GLSA-200703-01
Snort: Remote execution of arbitrary code

Source: CCN
Type: US-CERT VU#196240
Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets

Source: CERT-VN
Type: US Government Resource
VU#196240

Source: OSVDB
Type: UNKNOWN
32094

Source: CCN
Type: OSVDB ID: 32094
Snort DCE/RPC Pre-Processor Packet Reassembly Remote Overflow

Source: BUGTRAQ
Type: UNKNOWN
20070303 ERRATA: [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code

Source: BID
Type: UNKNOWN
22616

Source: CCN
Type: BID-22616
Snort/Sourcefire DCE/RPC Packet Reassembly Stack Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1017669

Source: SECTRACK
Type: UNKNOWN
1017670

Source: CCN
Type: Snort Web site
Snort - the de facto standard for intrusion detection/prevention

Source: CCN
Type: 2007-02-19 Sourcefire Advisory
Vulnerability in Snort DCE/RPC Preprocessor

Source: CONFIRM
Type: Vendor Advisory
http://www.snort.org/docs/advisory-2007-02-19.html

Source: CCN
Type: Sourcefire Web site
Sourcefire Network Security

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA07-050A
Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow

Source: CERT
Type: Third Party Advisory, US Government Resource
TA07-050A

Source: VUPEN
Type: UNKNOWN
ADV-2007-0656

Source: VUPEN
Type: UNKNOWN
ADV-2007-0668

Source: CCN
Type: Nortel Networks Security Advisory DOCUMENT ID 2007007755
Security vulnerability in TPS DCE/RPC preprocessor (CVE-2006-5276)

Source: CONFIRM
Type: UNKNOWN
http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf

Source: CONFIRM
Type: UNKNOWN
http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=540173

Source: MISC
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=229265

Source: XF
Type: UNKNOWN
smb-bo(31275)

Source: XF
Type: UNKNOWN
smb-bo(31275)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [04-09-2012]

Source: EXPLOIT-DB
Type: UNKNOWN
3362

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [02-19-2007]
Snort 2 DCE/RPC Preprocessor Buffer Overflow

Vulnerable Configuration:

Configuration 1:

cpe:/a:snort:snort:2.6.1:*:*:*:*:*:*:*

OR cpe:/a:snort:snort:2.6.1.1:*:*:*:*:*:*:*

OR cpe:/a:snort:snort:*:*:*:*:*:*:*:* (Version <= 2.6.1.2)

OR cpe:/a:snort:snort:2.7_beta1:*:*:*:*:*:*:*

OR cpe:/a:sourcefire:intrusion_sensor:4.1:*:*:*:*:*:*:*

OR cpe:/a:sourcefire:intrusion_sensor:4.1:*:crossbeam:*:*:*:*:*

OR cpe:/a:sourcefire:intrusion_sensor:4.5:*:*:*:*:*:*:*

OR cpe:/a:sourcefire:intrusion_sensor:4.5:*:crossbeam:*:*:*:*:*

OR cpe:/a:sourcefire:intrusion_sensor:4.6:*:*:*:*:*:*:*

OR cpe:/a:sourcefire:intrusion_sensor:4.6:*:crossbeam:*:*:*:*:*

Configuration CCN 1:

cpe:/a:snort:snort:2.6.1.2:*:*:*:*:*:*:*

OR cpe:/a:snort:snort:2.6.1:*:*:*:*:*:*:*

OR cpe:/a:snort:snort:2.6.1.1:*:*:*:*:*:*:*

OR cpe:/a:snort:snort:2.7_beta1:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:-:*:*:*:*:*:*:*

Denotes that component is vulnerable