GEN:SID | 1:319 |
Message | EXPLOIT bootp x86 linux overflow |
Summary | This event is generated when an attempt is made to exploit a vulnerable version of bootpd |
Impact | If attack is successful, total system compromise from a remote attacker |
Detailed Information | Due to improper handling of bounds checking in bootp request packets Bootpd version 2.4.3(and earlier) is susceptible to several types of buffer overflows. A successful exploit will result in complete compromise of the attacked system. Any system running Bootpd version Stanford University bootpd 2.4.3 should consider themselves vulnerable |
Affected Systems | Debian Linux 1.1 Debian Linux 1.2 Debian Linux 1.3 Debian Linux 1.3.1 Debian Linux 2.0 Stanford University bootpd 2.4.3 |
Attack Scenarios | An attacker can exploit vulnerable bootpd servers and modify system files as the root user or create a shell with root privileges |
Ease of Attack | Simple, Sample code exists |
Corrective Action | Vendors have supplied patched versions of bootpd, upgrade |
Additional References | |
Rule References | cve: 1999-0389
cve: 1999-0798
cve: 1999-0799
|