Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:3078 |
| Message | NNTP SEARCH pattern overflow attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in Microsoft implementation of the Network News Transport Protocol (NNTP) for Internet Information Server (IIS). |
| Impact | Execution of arbitrary code on the affected system |
| Detailed Information | The Microsoft implementation of NNTP for IIS contains a programming error in the processing of user supplied input that may present an attacker with multiple opportunites to execute code of their choosing on an affected system. |
| Affected Systems | . Microsoft Windows NT Server 4.0 NNTP component . Microsoft Windows 2000 Server NNTP component . Microsoft Windows Server 2003 NNTP Component . Microsoft Windows Server 2003 64-Bit Edition NNTP Component |
| Attack Scenarios | An attacker must supply specially crafted input to a vulnerable system to cause the overflow to occur. |
| Ease of Attack | Moderate. Example code exists. |
| Corrective Action | Apply the appropriate vendor supplied patches Upgrade to the latest non-affected version of the software |
| Additional References | CORE Technologies: http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10 |
| Rule References | cve: 2004-0574 url: www.microsoft.com/technet/security/bulletin/MS04-036.mspx |
--
DID:481229
--
http://www.aanval.com/