| GEN:SID | 1:288 |
| Message | POP3 EXPLOIT x86 Linux overflow |
| Summary | This event is generated when an attempt is made to exploit a buffer overflow in the POP3 service on Linux systems. |
| Impact | An attacker can gain access to a shell running with root privileges. |
| Detailed Information | This rule looks for a piece of shellcode (executable code) that is used to exploit a known vulnerability in an older version of the POP3 daemon distributed with Linux systems. |
| Affected Systems | Various Linux versions. |
| Attack Scenarios | The attack is carried out remotely and gives the attacker a command shell running with root privileges. |
| Ease of Attack | Simple. An exploit is readily available. |
| Corrective Action | Install the available security patches from your Linux vendor. |
| Additional References | |