| GEN:SID | 1:319 |
| Message | EXPLOIT bootp x86 linux overflow |
| Summary | This event is generated when an attempt is made to exploit a vulnerable version of bootpd |
| Impact | If the attack is successful, a remote attacker achieves total system compromise |
| Detailed Information | Because of improper bounds checking when handling bootp request packets, bootpd version 2.4.3 (and earlier) is susceptible to several types of buffer overflow. A successful exploit will result in complete compromise of the attacked system. Any system running Stanford University bootpd 2.4.3 should be considered vulnerable. |
| Affected Systems | Debian Linux 1.1, Debian Linux 1.2, Debian Linux 1.3, Debian Linux 1.3.1, Debian Linux 2.0, Stanford University bootpd 2.4.3 |
| Attack Scenarios | An attacker can exploit vulnerable bootpd servers and modify system files as the root user or create a shell with root privileges |
| Ease of Attack | Simple; sample code exists |
| Corrective Action | Vendors have supplied patched versions of bootpd; upgrade to a patched version |
| Additional References | |
| Rule References | cve: 1999-0389, cve: 1999-0798, cve: 1999-0799 |