SHELLCODE: x86 NOOP (1) Over TCP-CTS

This signature detects payloads being transferred over the HTTP protocol that have been encoded using the x86/avoid_utf8_tolower encoder routine. This may indicate an attempt to evade anti-virus/IPS solutions and possibly drop malicious code.

Extended Description

An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker who can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload that causes a buffer overflow condition. This results in the attacker controlling the program's execution flow and allows arbitrary code execution.

Affected Products

Cloudme sync

Short Name: SHELLCODE:X86:X86-NOOP1-CTS
Severity: Critical
Recommended: True
Recommended Action: Drop
Category: SHELLCODE
Keywords: (1) NOOP Over TCP-CTS x86
Release Date: 10/07/2015
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3415
Port: TCP/0-79,81-442,444-3127,3129-7999,8001-8079,8081-65535
False Positive: Unknown
Vendors

Cloudme
