[Snort-sigs] Documentation: SID 286
alexander.s at ...1565...
Fri Jun 20 09:04:07 EDT 2003
POP3 EXPLOIT x86 BSD overflow
This is an attempt to exploit a buffer overflow in the POP3 service.
An attacker can gain access to a shell running with root privileges.
This signature looks for a piece of shell code (executable code) that is
used to exploit a known vulnerability in an older version of the Qualcom
based POP3 daemon distributed with BSD Unixes.
*BSD with Qualcomm Qpopper 2.4
The attack is done remotely and gives the attacker a command shell
running with root privileges.
Ease of Attack:
Simple. An exploit is readily available.
Install the available security patches from your vendor.
Rule Documentation - Steven Alexander<alexander.s at ...1565...>
More information about the Snort-sigs