Home  >  CVE-2003-0209
CVE Details for CVE: CVE-2003-0209
Summary
Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.
Timestamps
Last major update 18-10-2016 - 02:30
Published 05-05-2003 - 04:00
Last modified 18-10-2016 - 02:30
References
Vulnerable Configurations
  • cpe:2.3:a:sourcefire:snort:1.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:sourcefire:snort:1.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:sourcefire:snort:1.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:sourcefire:snort:1.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:smoothwall:smoothwall:2.0_beta_4:*:*:*:*:*:*:*
    cpe:2.3:a:smoothwall:smoothwall:2.0_beta_4:*:*:*:*:*:*:*
  • cpe:2.3:a:sourcefire:snort:1.8:*:*:*:*:*:*:*
    cpe:2.3:a:sourcefire:snort:1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:sourcefire:snort:1.8.7:*:*:*:*:*:*:*
    cpe:2.3:a:sourcefire:snort:1.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:sourcefire:snort:1.9:*:*:*:*:*:*:*
    cpe:2.3:a:sourcefire:snort:1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:sourcefire:snort:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:sourcefire:snort:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sourcefire:snort:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:sourcefire:snort:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sourcefire:snort:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:sourcefire:snort:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sourcefire:snort:1.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:sourcefire:snort:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sourcefire:snort:1.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:sourcefire:snort:1.8.4:*:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
CWE
NVD-CWE-Other
CVSS
Base
10.0
Impact
10.0
Exploitability
10.0
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
CVSS3
None
VIA4 references
cvss-vector via4
AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 7178
bugtraq
  • 20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability
  • 20030422 GLSA: snort (200304-05)
  • 20030423 Snort <=1.9.1 exploit
  • 20030428 GLSA: snort (200304-06)
cert CA-2003-13
cert-vn VU#139129
debian DSA-297
engarde ESA-20030430-013
mandrake MDKSA-2003:052
misc http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10
vulnwatch 20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability