Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:3078 |
Message | NNTP SEARCH pattern overflow attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in Microsoft implementation of the Network News Transport Protocol (NNTP) for Internet Information Server (IIS). |
Impact | Execution of arbitrary code on the affected system |
Detailed Information | The Microsoft implementation of NNTP for IIS contains a programming error in the processing of user supplied input that may present an attacker with multiple opportunites to execute code of their choosing on an affected system. |
Affected Systems | . Microsoft Windows NT Server 4.0 NNTP component . Microsoft Windows 2000 Server NNTP component . Microsoft Windows Server 2003 NNTP Component . Microsoft Windows Server 2003 64-Bit Edition NNTP Component |
Attack Scenarios | An attacker must supply specially crafted input to a vulnerable system to cause the overflow to occur. |
Ease of Attack | Moderate. Example code exists. |
Corrective Action | Apply the appropriate vendor supplied patches Upgrade to the latest non-affected version of the software |
Additional References | CORE Technologies: http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10 |
Rule References | cve: 2004-0574 url: www.microsoft.com/technet/security/bulletin/MS04-036.mspx |
--
DID:481229
--
http://www.aanval.com/