GEN:SID 1:1901
Message ATTACK-RESPONSES successful kadmind buffer overflow attempt
Summary This event is generated when a known response to a sucessful attack is
detected.
Impact Information gathering and system integrity compromise. Possible unauthorized
administrative access to the server or application. Possible execution
of arbitrary code of the attackers choosing in some cases.
Detailed Information This event is generated when a known response to a sucessful attack is
detected. Some applications do not perform stringent checks when validating
the credentials of a client host connecting to the services offered on a
host server. This can lead to unauthorized access and possibly escalated
privileges to that of the administrator. Data stored on the machine can be
compromised and trust relationships between the victim server and other
hosts can be exploited by the attacker.

Events generated by rules in attack-responses.rules may indicate that an
attack against a host has been sucessful.
Affected Systems Any vulnerable host.
Attack Scenarios An attacker can access an authentication mechanism and supply his/her
own credentials to gain access. An attacker might also exploit a
weakness in a particular application or piece of software that will
present the opportunity to gain access to the host.
Ease of Attack Simple. Many exploits exist for various systems and software.
Corrective Action Ensure the system is using an up to date version of the software and has
had all vendor supplied patches applied.

Care should be taken to investigate the source of the event. Check for
signs of system compromise in log files. Check for listening services on
high ports.
Additional References  
Rule References bugtraq: 5731
bugtraq: 6024
cve: 2002-1226
cve: 2002-1235
url: www.kb.cert.org/vuls/id/875073