Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2527 |
Message | SMTP STARTTLS attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the Microsoft implementation of the Private Communications Transport (PCT) protocol. |
Impact | Execution of arbitrary code. Unauthorized administrative access to an affected host. |
Detailed Information | A vulnerability exists in the handling of PCT requests that can be manipulated to give an attacker the opportunity to execute arbitrary code of their choosing leading to a possible remote administrative compromize of an affected host. The condition exists because of poor error handling routines in the Microsoft Secure Sockets Layer (SSL) library. |
Affected Systems | Microsoft Windows NT, 2000, 2003 and XP systems using PCT |
Attack Scenarios | An attcker needs to make a specially crafted PCT request to an affected system. |
Ease of Attack | Simple. |
Corrective Action | Apply the appropriate vendor supplied patches Disable the use of PCT |
Additional References |
--
DID:890618
--
http://www.aanval.com/