290.txt

来自「This is the snapshot of Snot Latest Rule」· 文本 代码 · 共 57 行

Rule:

--
Sid: 
290

--
Summary:
This event is generated when an attempt is made to exploit a buffer overflow in Qualcomm qpopper. 

--
Impact: 
Remote access.  This attack may permit the execution of arbitrary commands with the privileges of root on the vulernable server.

--
Detailed Information:
A buffer overflow exploit exists in version 3.x of Qualcomm qpopper daemon, permitting the execution of arbitrary commands with the privileges of root.  The buffer overflow vulnerability is present because of improper bounds checking associated with vsprintf() and sprintf() calls in pop_msg.c.

--
Affected Systems:
Qualcomm qpopper 3.0 b20
Qualcomm qpopper 3.0

--
Attack Scenarios:
An attacker may exploit the qpopper buffer overflow vulnerability, permitting the execution of arbitrary commands with the privileges of root on the vulnerable server.

--
Ease of Attack:
Simple.  Exploit code is freely available.

--
False Positives:
None known.

--
False Negatives:
None known.
--
Corrective Action:
Upgrade to qpopper3.0b22

--
Contributors:
Original rule writer unknown.
Modified by Brian Caswell <bmc@sourcefire.com>
Sourcefire Vulnerability Research Team
Judy Novak <judy.novak@sourcefire.com>

--
Additional References:

CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0822

--