[Snort-sigs] SID 284
alexander.s at ...1565...
Tue Jun 10 17:36:08 EDT 2003
POP2 x86 Linux overflow
This is an attempt to exploit a buffer overflow in the POP2 service.
An attacker can gain access to a shell running with the privileges of
This signature looks for a piece of shell code (executable code) that is
used to exploit a known vulnerability in the POP2 service running on
older Linux systems.
Redhat Linux 4.2, 5.0, 5.1, and 5.2
Other old Linux distributions??
The attack is done remotely and gives the attacker a command shell
running with the same privileges as the POP2 daemon.
Ease of Attack:
Simple. An exploit is readily available.
Upgrade to a newer version of POP2 (or POP3). It would be preferrable
and probably easier to upgrade to a newer version of Linux entirely.
Rule Documentation - Steven Alexander<alexander.s at ...1565...>
More information about the Snort-sigs