300.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:

--
Sid: 300

--
Summary:
This event is generated when a buffer overflow attempt is made against a host running Solaris x86.

--
Impact:
System compromize presenting the attacker with the opportunity to
execute arbitrary code or gain remote access to the victim host.

--
Detailed Information:
A buffer overflow condition exists in the nlps_server daemon on certain versions of Solaris for x86 architecture.

nlps_server is a network listener used for printing services. The buffer overflow can be generated by sending an excessively long string of characters to the daemon on port 2766 followed by the command to be executed.

Affected Systems:
	Solaris 2.4, 2.5 and 2.51 for x86

--
Attack Scenarios:
Exploit scripts are available

--
Ease of Attack:
Simple. Exploits are available.

--
False Positives:
None Known

--
False Negatives:
None Known

--
Corrective Action:
Upgrade to the latest non-affected version of the software.

--
Contributors:
Original rule writer unknown
Sourcefire Research Team
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

Bugtraq:
http://www.securityfocus.com/bid/2319

--