[Snort-sigs] SID 285
alexander.s at ...1565...
Tue Jun 10 17:39:10 EDT 2003
This rule's description is the same as SID 284. The rules are looking
for different pieces of shellcode in order to identify the same thing.

POP2 x86 Linux overflow

This is an attempt to exploit a buffer overflow in the POP2 service.
An attacker can gain access to a shell running with the privileges of

This signature looks for a piece of shell code (executable code) that is
used to exploit a known vulnerability in the POP2 service running on
older Linux systems.

Red Hat Linux 4.2, 5.0, 5.1, and 5.2

The attack is done remotely and gives the attacker a command shell
running with the same privileges as the POP2 daemon.

Ease of Attack:
Simple. An exploit is readily available.

Upgrade to a newer version of POP2 (or POP3). It would be preferable
and probably easier to upgrade to a newer version of Linux entirely.

Rule Documentation - Steven Alexander <alexander.s at ...1565...>