Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:286 |
| Message | POP3 EXPLOIT x86 BSD overflow |
| Summary | This event is generated when an attempt is made to exploit a buffer overflow in the POP3 qpopper service on BSD systems. |
| Impact | An attacker can gain access to a shell running with root privileges. |
| Detailed Information | This rule looks for a piece of shellcode (executable code) that is used to exploit a known vulnerability in an older version of the Qualcomm-based POP3 daemon distributed with BSD Unixes. |
| Affected Systems | *BSD systems using Qualcomm Qpopper 2.4 |
| Attack Scenarios | The attack is carried out remotely and gives the attacker a command shell running with root privileges. |
| Ease of Attack | Simple. An exploit is readily available. |
| Corrective Action | Install the available security patches from your vendor. |
| Additional References | Bugtraq: http://www.securityfocus.com/bid/133 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0006 |
| Rule References | bugtraq: 133 cve: 1999-0006 nessus: 10196 |
--
DID:124002