Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2517 |
| Message | IMAP PCT Client_Hello overflow attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in the Microsoft implementation of the Private Communications Transport (PCT) protocol. |
| Impact | Execution of arbitrary code. Unauthorized administrative access to an affected host. |
| Detailed Information | A vulnerability exists in the handling of PCT requests that can be manipulated to give an attacker the opportunity to execute arbitrary code of their choosing leading to a possible remote administrative compromize of an affected host. The condition exists because of poor error handling routines in the Microsoft Secure Sockets Layer (SSL) library. |
| Affected Systems | Microsoft Windows NT, 2000, 2003 and XP systems using PCT |
| Attack Scenarios | An attcker needs to make a specially crafted PCT request to an affected system. |
| Ease of Attack | Simple. |
| Corrective Action | Apply the appropriate vendor supplied patches Disable the use of PCT |
| Additional References | |
| Rule References | bugtraq: 10116 cve: 2003-0719 nessus: 12205 url: www.microsoft.com/technet/security/bulletin/MS04-011.mspx |
--
DID:727790
--
http://www.aanval.com/