Main Vulnerability Database Vulnerabilities #VU738

#VU738 Insecure library loading in Snort - CVE-2016-1417

Published: October 4, 2016 / Updated: October 5, 2016

Vulnerability identifier: #VU738

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-1417

CWE-ID: CWE-427

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Snort

Software vendor:
Sourcefire

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to absence of validation of search path when loading DLL files. A remote attacker can place malicious 'tcapi.dll' DLL file on the SBM or WebDav share and trick the victim to load a pcap file from that location.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Remediation

Cybersecurity Help is not aware of any official solution to address this vulnerability.

External links

http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt

#VU738 Insecure library loading in Snort - CVE-2016-1417

Description

Remediation

External links

Please verify you're human