1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57
|
Rule:
--
Sid: 313
--
Summary:
This event is generated when an attempt to exploit a buffer overflow condition in ntalkd is made.
--
Impact:
Serious. System compromize presenting the attacker with the opportunity to gain remote access to the victim host or execute arbitrary code with the privileges of the superuser account.
--
Detailed Information:
Some versions of the Network Talk Daemon (ntalkd) are vulnerable to a buffer overflow condition which can present the attacker with a root shell.
Talk is used to communicate between users of UNIX based operating systems. A vulnerability exists such that a buffer overflow condition in talk can be exploited by a malicious user. This may then present the attacker with the opportunity to gain root access to the target system.
Affected Versions:
Multiple vendors
--
Attack Scenarios:
Once the overflow has been created, the attacker is able to supply incorrect hostname information to the target system and gain root access.
--
Ease of Attack:
Simple.
--
False Positives:
None Known
--
False Negatives:
None Known
--
Corrective Action:
Upgrade to the latest non-affected version of the software.
Apply vendor supplied patches.
--
Contributors:
Original rule writer unknown
Sourcefire Research Team
Nigel Houghton <nigel.houghton@sourcefire.com>
--
Additional References:
Bugtraq:
http://www.securityfocus.com/bid/210
--
|