Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:337 |
Message | FTP CEL overflow attempt |
Summary | This event is generated when a remote attacker attempts to exploit a buffer overflow vulnerability in the IBM AIX FTP daemon. |
Impact | Remote execution of arbitrary code leading to remote root compromise. |
Detailed Information | The IBM AIX 4.3.x FTP daemon contains a buffer overflow vulnerability. An attacker can send an overly long string in the CEL command, causing a buffer overflow condition and allowing the attacker to execute arbitrary code. |
Affected Systems | IBM AIX 4.3.x |
Attack Scenarios | An attacker sends a suspiciously large amount of data to the FTP server in the CEL command, causing a buffer overflow condition. The attacker can then execute arbitrary code to obtain root privileges. |
Ease of Attack | Simple. Exploits exist. |
Corrective Action | Install the patch provided by IBM. See http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/ERS-SVA-E01-1999.004.1/$file/sva004.txt for an advisory and information about obtaining the patch. |
Additional References | IBM http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/ERS-SVA-E01-1999.004.1/$file/sva004.txt |
Rule References | arachnids: 257 bugtraq: 679 cve: 1999-0789 nessus: 10009 |
--
DID:390593
--
http://www.aanval.com/