⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 2126.txt

📁 snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具
💻 TXT
字号:
🔍 
Rule:--Sid:2126--Summary:This event is generated when a remote attacker attempts to overflow Microsoft'sPPTP RAS service.  --Impact:Administrative Compromise.  This attack may permit executation of arbitrarycommands with the privileges of the NT SYSTEM account.--Detailed Information:A buffer overflow exists when a malformed SCR (Start Control Request) PPTP packet is received by the PPTP RAS service.  This may permit executation ofarbitrary commands with the privileges of root. --Affected Systems:Windows 2000 ProfessionalWindows 2000 ServerWindows 2000 Advanced Server--Attack Scenarios:Exploit code can be used to attack vulnerable PPTP RAS services to obtainSYSTEM level access to the remote host.--Ease of Attack:Difficult.  Currently Sourcefire is unaware of any publicly available exploits for this vulnerability.--False Positives:PPTP clients that violate RFC2637 by generating overly long Host Name andVendor Strings could potentially trigger this rule inadvertently.--False Negatives:None Known.--Corrective Action:Microsoft as released the following patches to correct the problem:Microsoft Windows 2000 Professional SP3:    Microsoft Patch Q329834    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3DnoMicrosoft Windows 2000 Server SP3:    Microsoft Patch Q329834    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3DnoMicrosoft Windows 2000 Advanced Server SP3:    Microsoft Patch Q329834    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3DnoMicrosoft Windows 2000 Terminal Services SP3:    Microsoft Patch Q329834    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3DnoMicrosoft Windows 2000 Advanced Server SP2:    Microsoft Patch Q329834    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3DnoMicrosoft Windows 2000 Professional SP2:    Microsoft Patch Q329834    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3DnoMicrosoft Windows 2000 Server SP2:    Microsoft Patch Q329834    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3DnoMicrosoft Windows 2000 Terminal Services SP2:    Microsoft Patch Q329834    http://www.microsoft.com/windows2000/downloads/critical/q329834/default.asp?FinishURL=%2Fdownloads%2Frelease%2Easp%3FReleaseID%3D43606%26redirect%3DnoMicrosoft Windows XP Home SP1:    Microsoft Patch Q329834    http://download.microsoft.com/download/whistler/Patch/Q329834/WXP/EN-US/Q329834_WXP_SP2_x86_ENU.exeMicrosoft Windows XP Professional SP1:    Microsoft Patch Q329834    http://download.microsoft.com/download/whistler/Patch/Q329834/WXP/EN-US/Q329834_WXP_SP2_x86_ENU.exeMicrosoft Windows XP 64-bit Edition SP1:    Microsoft Patch Q329834    http://download.microsoft.com/download/whistler/Patch/Q329834/W64XP/EN-US/Q329834_WXP_SP2_ia64_ENU.exe--Contributors:Sourcefire Research TeamMatthew Watchinski (matt.watchinski@sourcefire.com)--Additional References:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1214http://www.securityfocus.com/bid/5807--

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -