[Snort-sigs] rule documentation for TELNET SGI telnetd format bug

Josh.Sakofsky at ...1573...
Tue Jun 10 13:41:04 EDT 2003


# This is a template for submitting snort signature descriptions to
# the snort.org website
#
# Ensure that your descriptions are your own
# and not the work of others.  References in the rules themselves
# should be used for linking to others' work.
#
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
# 
# $Id$
#
# 

Rule: TELNET SGI telnetd format bug

--
Sid: 711

--
Summary: SGI IRIX's telnetd is vulnerable to a remote attack where the 
attacker can execute code as the root user.

--
Impact: Serious

--
Detailed Information: When setting one of the _RDL environment
variables, IRIX's telnetd logs the information via syslog. When telnetd
calls syslog, it is possible to manipulate the variable to overwrite
values on the stack so that code given is executed as the user telnetd
is run as, typically root.

--
Affected Systems: SGI IRIX versions 6.2 to 6.5.8 and versions 5.2 to 6.1 
that applied patches 1010 and 1020. 

--
Attack Scenarios: An attacker can gain a root shell with this attack.

--
Ease of Attack: Easy. Exploit code exists and is readily available.

--
False Positives: None Known

--
False Negatives: None Known

--
Corrective Action: Apply patch from SGI.

--
Contributors: Original rule writer unknown.
              Josh Sakofsky
-- 
Additional References: http://www.whitehats.com/info/IDS304
                       http://www.securityfocus.com/bid/1572
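
Added example, not part of the original message and not SGI's code: the
logging pattern behind this class of bug, shown in its corrected form with
the flawed call kept as a comment, plus a check for conversion directives
in a client-supplied value. The function names, the log wording and
EXAMPLE_VAR are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Return 1 if an untrusted value carries a printf conversion directive,
 * i.e. a '%' that is not part of a literal "%%". */
int has_format_directive(const char *value)
{
    for (const char *p = value; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%" prints one percent sign */
            p++;
            continue;
        }
        return 1;
    }
    return 0;
}

/* Build the log line with a constant format string, so the client's
 * text is only ever an argument. The message wording is constructed. */
int format_env_log(char *out, size_t outlen, const char *name, const char *value)
{
    return snprintf(out, outlen, "client set %s=%s", name, value);
}

void log_env_attempt(const char *name, const char *value)
{
    char line[256];

    format_env_log(line, sizeof line, name, value);
    /* Flawed pattern: syslog(LOG_INFO, line);
     * there the client-controlled text is the format string. */
    syslog(LOG_INFO, "%s", line);            /* corrected call */
    if (has_format_directive(value))
        syslog(LOG_WARNING, "format directive in client value for %s", name);
}

int main(void)
{
    /* Constructed sample input; EXAMPLE_VAR is a hypothetical name. */
    log_env_attempt("EXAMPLE_VAR", "%x%x%n");
    return 0;
}
```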