
Re: Snort RPC Vulnerability

From: Jason V. Miller <jmiller(at)securityfocus.com>
Date: Mon Mar 03 2003 - 14:06:01 EST

Yes, though the risk would be mitigated by the fact that your machine couldn't transmit any data onto the wire; although an attacker wouldn't be able to get an interactive shell of any sort on your machine, they would still be able to rm -rf / the box (or equivalent).

According to the ISS advisory, successful exploitation can occur outside of an established TCP session; stateless TCP segments with the ACK bit set (or possibly even a SYN segment with data) can trigger the vulnerability.

Regards,

J.

On Mon, Mar 03, 2003 at 02:03:25PM -0500, netsecurity wrote:
> If you are using a receive only cable does this still represent a

-- 
Jason V. Miller, Threat Analyst
Symantec, Inc. - www.symantec.com
E-Mail:	jmiller@securityfocus.com

Received on Mon Mar 3 14:16:02 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:10 EDT

