Vulnerability Description
Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Snort | Snort | <= 2.6.2 |
References
- http://lists.immunitysec.com/pipermail/dailydave/2007-January/003954.html
- http://secunia.com/advisories/23716
- http://secunia.com/advisories/24164
- http://secunia.com/advisories/24338
- http://security.gentoo.org/glsa/glsa-200702-03.xml
- http://securitytracker.com/id?1017508
- http://www.acsac.org/2006/abstracts/54.html
- http://www.acsac.org/2006/advance_program.html
- http://www.acsac.org/2006/papers/54.pdfVendor Advisory
- http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdfVendor Advisory
- http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:051
- http://www.osvdb.org/32096
- http://www.securityfocus.com/bid/21991
- http://www.snort.org/pub-bin/snortnews.cgi
FAQ
What is CVE-2006-6931?
CVE-2006-6931 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and de...
How severe is CVE-2006-6931?
CVE-2006-6931 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6931?
Check the references section above for vendor advisories and patch information. Affected products include: Snort Snort.