[Snort-sigs] Documentation: SID 286

Steven Alexander alexander.s at ...1565...
Fri Jun 20 09:04:07 EDT 2003


Rule:  

POP3 EXPLOIT x86 BSD overflow  

--
Sid: 286

--
Summary: 

This is an attempt to exploit a buffer overflow in the POP3 service.

--
Impact:  
An attacker can gain access to a shell running with root privileges.

--
Detailed Information:  

This signature looks for a piece of shell code (executable code) that is
used to exploit a known vulnerability in an older version of the
Qualcomm-based POP3 daemon distributed with BSD Unixes.

--
Affected Systems:
*BSD with Qualcomm Qpopper 2.4 

--
Attack Scenarios:

The attack is done remotely and gives the attacker a command shell
running with root privileges.
--
Ease of Attack:

Simple.  An exploit is readily available.

--
False Positives:

None known.
--
False Negatives:

None known.
--
Corrective Action:

Install the available security patches from your vendor.
--
Contributors:
Rule Documentation - Steven Alexander <alexander.s at ...1565...>
-- 
Additional References:

http://www.securityfocus.com/bid/133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0006





