Sign-up

ID

VAR-201705-3674


CVE

CVE-2017-6657


TITLE

Cisco Sourcefire Snort Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004114

DESCRIPTION

Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473. Cisco Sourcefire Snort Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco Snort++ is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to restart the affected process, denying service to legitimate users. These issues fixed in: Cisco Snort++ BUILD_233. Cisco Sourcefire Snort is a set of network intrusion prevention software and network intrusion detection software from Cisco (formerly Snort team). The software provides functions such as packet sniffing, packet analysis, and packet inspection. The vulnerability stems from the fact that the program does not correctly handle Type verification

Trust: 1.98

sources: NVD: CVE-2017-6657 // JVNDB: JVNDB-2017-004114 // BID: 98465 // VULHUB: VHN-114860

AFFECTED PRODUCTS

vendor:ciscomodel:snort\+\+scope:eqversion: -

Trust: 1.6

vendor:ciscomodel:snort++scope: - version: -

Trust: 0.8

vendor:ciscomodel:snort++scope:eqversion:0

Trust: 0.3

vendor:ciscomodel:snort++ build 233scope:neversion: -

Trust: 0.3

sources: BID: 98465 // JVNDB: JVNDB-2017-004114 // CNNVD: CNNVD-201705-764 // NVD: CVE-2017-6657

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6657
value: HIGH

Trust: 1.0

NVD: CVE-2017-6657
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201705-764
value: HIGH

Trust: 0.6

VULHUB: VHN-114860
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6657
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114860
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6657
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114860 // JVNDB: JVNDB-2017-004114 // CNNVD: CNNVD-201705-764 // NVD: CVE-2017-6657

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-114860 // JVNDB: JVNDB-2017-004114 // NVD: CVE-2017-6657

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-764

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201705-764

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004114

PATCH
title:cisco-sa-20170515-snorturl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170515-snort
Trust: 0.8
title:Cisco Sourcefire Snort Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70336
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-004114 // 
            
            
            
            CNNVD: CNNVD-201705-764

EXTERNAL IDS
db:NVDid:CVE-2017-6657
Trust: 2.8
db:SECTRACKid:1038483
Trust: 1.7
db:JVNDBid:JVNDB-2017-004114
Trust: 0.8
db:CNNVDid:CNNVD-201705-764
Trust: 0.7
db:BIDid:98465
Trust: 0.3
db:VULHUBid:VHN-114860
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114860 // 
            
            
            
            BID: 98465 // 
            
            
            
            JVNDB: JVNDB-2017-004114 // 
            
            
            
            CNNVD: CNNVD-201705-764 // 
            
            
            
            NVD: CVE-2017-6657

REFERENCES
url:http://blog.snort.org/2017/05/snort-vulnerabilities-found.html
Trust: 2.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170515-snort
Trust: 1.9
url:http://www.securitytracker.com/id/1038483
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6657
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6657
Trust: 0.8
url:https://github.com/snortadmin/snort3/commit/7ae50f4be245efd469dee2ce2855b6235b07aa42
Trust: 0.3
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114860 // 
            
            
            
            BID: 98465 // 
            
            
            
            JVNDB: JVNDB-2017-004114 // 
            
            
            
            CNNVD: CNNVD-201705-764 // 
            
            
            
            NVD: CVE-2017-6657

CREDITS
Bhargava Shastry
Trust: 0.3
sources:
            
            
            BID: 98465

SOURCES
db:VULHUBid:VHN-114860
db:BIDid:98465
db:JVNDBid:JVNDB-2017-004114
db:CNNVDid:CNNVD-201705-764
db:NVDid:CVE-2017-6657

LAST UPDATE DATE
2025-04-20T23:16:09.467000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114860date:2019-10-03T00:00:00
db:BIDid:98465date:2017-05-15T00:00:00
db:JVNDBid:JVNDB-2017-004114date:2017-06-16T00:00:00
db:CNNVDid:CNNVD-201705-764date:2019-10-23T00:00:00
db:NVDid:CVE-2017-6657date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-114860date:2017-05-16T00:00:00
db:BIDid:98465date:2017-05-15T00:00:00
db:JVNDBid:JVNDB-2017-004114date:2017-06-16T00:00:00
db:CNNVDid:CNNVD-201705-764date:2017-05-17T00:00:00
db:NVDid:CVE-2017-6657date:2017-05-16T17:29:00.403