A vulnerability in the popular open source IDS. It seems that Snort doesn't properly reassemble fragmented IP packets, allowing an attacker to avoid detection. The issue has been fixed in Snort version 2.8.1, so if you can upgrade to that, you should immediately. Snort versions 2.6.x and 2.8.0 are vulnerable. Snort 2.4 is not vulnerable. There is a workaround if you can't upgrade right away. Find the preprocessor frag3_engine: ttl_limit line and set the value to 255, as such:
preprocessor frag3_engine: ttl_limit 255
This vulnerability allows an attacker to bypass all Snort rules. All that has to be done to exploit it is to fragment IP packets to a specific host, making sure the TTL difference between fragments is greater than the maximum allowed, which by default is 5. This is a very easily exploited vulnerability and you should update your Snort configurations immediately.
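Since the workaround has to be applied to every frag3_engine line, here is a small checker, added as an example and not taken from the post or from the Snort project, that reads a snort.conf, reports each frag3_engine directive whose ttl_limit is still below 255 (treating a missing option as the default of 5 stated above), and can rewrite the directives with the workaround value. The configuration excerpt embedded in it is constructed for the example; the function names and the handling of backslash line continuations are assumptions, not Snort's own code.

```python
"""Audit and patch the frag3 ttl_limit workaround in a Snort 2.6.x / 2.8.0 config.

Added example; not part of the original post and not Snort's own code.
"""
import re

DEFAULT_TTL_LIMIT = 5   # frag3 default named in the post (applies when the option is absent)
SAFE_TTL_LIMIT = 255    # workaround value from the post; TTL is 8 bits, so no
                        # two fragments can differ by more than 255

# Constructed snort.conf excerpt for the example (not a real deployment).
SAMPLE_CONF = """\
# constructed snort.conf excerpt
preprocessor frag3_global: max_frags 65536
preprocessor frag3_engine: policy first detect_anomalies
preprocessor frag3_engine: policy linux bind_to 192.168.1.0/24 \\
    ttl_limit 5
preprocessor frag3_engine: policy bsd ttl_limit 255
"""

ENGINE_RE = re.compile(r"preprocessor\s+frag3_engine\s*:\s*(.*)$")
TTL_RE = re.compile(r"\bttl_limit\s+(\d+)")


def join_continuations(text):
    """Merge backslash-continued lines so one directive is one line (assumed
    to match how Snort's config reader treats a trailing backslash)."""
    return re.sub(r"\\\n\s*", " ", text)


def ttl_limit_of(options):
    """Return the ttl_limit an engine directive would use, or the default."""
    m = TTL_RE.search(options)
    return int(m.group(1)) if m else DEFAULT_TTL_LIMIT


def vulnerable_engines(conf_text):
    """List every frag3_engine directive whose ttl_limit is below the safe value."""
    findings = []
    for line in join_continuations(conf_text).splitlines():
        code = line.partition("#")[0].strip()      # ignore trailing comments
        m = ENGINE_RE.match(code)
        if not m:
            continue
        ttl = ttl_limit_of(m.group(1))
        if ttl < SAFE_TTL_LIMIT:
            findings.append({"directive": code, "ttl_limit": ttl})
    return findings


def apply_workaround(conf_text):
    """Return the config with ttl_limit 255 set on every frag3_engine directive,
    replacing an existing value or appending the option when it is missing."""
    out = []
    for line in join_continuations(conf_text).splitlines():
        code, sep, comment = line.partition("#")
        if re.match(r"\s*preprocessor\s+frag3_engine\s*:", code):
            if TTL_RE.search(code):
                code = TTL_RE.sub(f"ttl_limit {SAFE_TTL_LIMIT}", code)
            else:
                code = code.rstrip() + f" ttl_limit {SAFE_TTL_LIMIT}"
        out.append(code + sep + comment)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for f in vulnerable_engines(SAMPLE_CONF):
        print(f"ttl_limit {f['ttl_limit']:>3}  {f['directive']}")
    print("--- patched ---")
    print(apply_workaround(SAMPLE_CONF), end="")
```

Run it against a real snort.conf by passing the file contents instead of SAMPLE_CONF. An engine with no ttl_limit at all is reported as well, because the default of 5 is exactly the setting the evasion relies on; setting 255 means frag3 never discards a fragment for a TTL mismatch, which is why the workaround closes the gap until 2.8.1 can be installed.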
For more information regarding this vulnerability, read the public advisory over at iDefense.