290.txt

来自「snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具」· 文本 代码 · 共 60 行

Rule:

--
Sid: 
290

--
Summary:
This event is generated when an attempt is made to exploit a buffer overflow in Qualcomm qpopper. 

--
Impact: 
Remote access.  This attack may permit the execution of arbitrary commands with the privileges of root on the vulernable server.

--
Detailed Information:
A buffer overflow exploit exists in version 3.x of Qualcomm qpopper daemon, permitting the execution of arbitrary commands with the privileges of root.  The buffer overflow vulnerability is present because of improper bounds checking associated with vsprintf() and sprintf() calls in pop_msg.c.

--
Affected Systems:
Qualcomm qpopper 3.0 b20
Qualcomm qpopper 3.0

--
Attack Scenarios:
An attacker may exploit the qpopper buffer overflow vulnerability, permitting the execution of arbitrary commands with the privileges of root on the vulnerable server.

--
Ease of Attack:
Simple.  Exploit code is freely available.

--
False Positives:
None known.

--
False Negatives:
None known.
--
Corrective Action:
Upgrade to qpopper3.0b22

--
Contributors:
Original rule writer unknown.
Modified by Brian Caswell <bmc@sourcefire.com>
Sourcefire Research Team
Judy Novak <judy.novak@sourcefire.com>

--
Additional References:

CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0822

Bugtraq
http://www.securityfocus.com/bid/830

--