SHELLCODE: x86 Intel Architecture Instruction Set NOOP Slide (TCP-CTS)

This signature detects attempts to exploit a known vulnerability against an x86 system. Attackers can send long strings of NOOPs to overflow the buffer and gain root access. To properly use this signature in your policy, override the default service binding to the services you wish to protect.

Extended Description

The libc library includes functions that perform DNS lookups. A buffer overflow vulnerability has been reported in versions of libc used by some operating systems. In particular, FreeBSD, NetBSD, OpenBSD and GNU glibc have been reported to suffer from this issue. The vulnerable code is related to DNS queries. It may be possible for a malicious DNS server to provide a response that exploits this vulnerability, resulting in the execution of arbitrary code as the vulnerable process. The consequences of exploitation will be highly dependent on the details of individual applications using libc.

Affected Products

Hp colour_laserjet_4550, Gnu glibc

Short Name
SHELLCODE:X86:X90-NOOP-CTS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SHELLCODE
Keywords
(TCP-CTS) Architecture CVE-2002-0651 Instruction Intel NOOP Set Slide bid:5100 x86
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
Port
TCP/1
False Positive
Unknown
Vendors

Sco

Openbsd

Freebsd

Gnu

Sun

Hp

Cray

Astaro

Isc

Netbsd

Ibm

CVSS Score

7.5
