Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:655 |
Message | SMTP sendmail 8.6.9 exploit |
Summary | This event is generated when a buffer overflow is attempted on a Sendmail 8.6.9 server. |
Impact | Attempted administrator access. A successful buffer overflow attack can allow a remote attacker access to the Sendmail server at the privilege level of the user ID associated with Sendmail. |
Detailed Information | A vulnerability exists in Sendmail version 8.6.9 that can be exploited by a buffer overflow attack. This allows the attacker access to the Sendmail server at the privilege level of the user ID associated with Sendmail. This attack can occur when a Sendmail server connects back to the ident service of the client requesting the Sendmail connection. Because it is improperly validated by the Sendmail server, a malicious response can cause a buffer overflow. |
Affected Systems | Sendmail version 8.6.9. |
Attack Scenarios | An attacker can request a connection to a Sendmail server, listen for the request for the ident service, and respond with a malicious payload to exploit the vulnerability. |
Ease of Attack | Easy. Exploit code is available. |
Corrective Action | Apply the appropriate patch or upgrade to a Sendmail version greater than 8.6.9. |
Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0204 |
Rule References | arachnids: 140 bugtraq: 2311 cve: 1999-0204 |
--
DID:578146
--
http://www.aanval.com/