File: 100000165.txt

package info (click to toggle)
snort 2.7.0-20.4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 34,512 kB
  • ctags: 18,772
  • sloc: ansic: 115,404; sh: 10,893; makefile: 1,372; perl: 487; sql: 213
file content (58 lines) | stat: -rw-r--r-- 1,138 bytes parent folder | download | duplicates (4)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
Rule: 

--
Sid: 
100000165

-- 
Summary: 
This event is generated when an overly large UDP packet is sent to port 5093, 
where the Sentinel License Manager service typically listens.

--
Impact:
A denial of service will occur, and arbitrary code may be executed with the 
privileges of the user running the service.

--
Detailed Information:
A stack-based buffer overflow exists within the Sentinel License Manager, which 
will be triggered if 2048 or more characters are received by the service. 
Authentication is not required, and no specific characters need be present in 
malicious packets in order to trigger the vulnerability.

--
Affected Systems:
SafeNet Sentinel License Manager 7.2.0.2

--
Attack Scenarios:
An attacker could use one of the publicly available exploit scripts, or create 
a script which simply sends 2048 or more random characters to a vulnerable 
server.

--
Ease of Attack:
Simple, as public exploits exist.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to version 8.0 or above.

--
Contributors:
rmkml
Sourcefire Research Team

--
Additional References

--