Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:313 |
Message | EXPLOIT ntalkd x86 Linux overflow |
Summary | This event is generated when an attempt to exploit a buffer overflow condition in ntalkd is made. |
Impact | Serious. System compromize presenting the attacker with the opportunity to gain remote access to the victim host or execute arbitrary code with the privileges of the superuser account. |
Detailed Information | Some versions of the Network Talk Daemon (ntalkd) are vulnerable to a buffer overflow condition which can present the attacker with a root shell. Talk is used to communicate between users of UNIX based operating systems. A vulnerability exists such that a buffer overflow condition in talk can be exploited by a malicious user. This may then present the attacker with the opportunity to gain root access to the target system. Affected Versions: Multiple vendors |
Affected Systems | |
Attack Scenarios | Once the overflow has been created, the attacker is able to supply incorrect hostname information to the target system and gain root access. |
Ease of Attack | Simple. |
Corrective Action | Upgrade to the latest non-affected version of the software. Apply vendor supplied patches. |
Additional References | Bugtraq: http://www.securityfocus.com/bid/210 |
Rule References | bugtraq: 210 |
--
DID:847480
--
http://www.aanval.com/