SHELLCODE: x86 Intel Architecture Instruction Set NOOP Slide (HTTP-Request)

This signature detects attempts to exploit a known vulnerability against Web servers on Intel x86 platforms. Attackers can use the "No-Op Slide" attack to pad the stack with "No Operation" x86 CPU instructions and overwrite the return address. A successful attack might allow arbitrary code execution.
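
A minimal sketch of the kind of check this signature describes, as an added example that is not the vendor's signature logic: it looks for long runs of the x86 NOP opcode (0x90) in an HTTP request, both as raw bytes and after percent-decoding. The 32-byte threshold, the function names and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

MIN_RUN = 32  # assumed alert threshold; the signature's real value is not given on this page


def longest_nop_run(data: bytes) -> tuple[int, int]:
    """Return (length, offset) of the longest run of 0x90 bytes, or (0, -1)."""
    best_len, best_off = 0, -1
    for m in re.finditer(rb"\x90+", data):
        run = m.end() - m.start()
        if run > best_len:
            best_len, best_off = run, m.start()
    return best_len, best_off


def inspect_request(raw: bytes, min_run: int = MIN_RUN) -> list[dict]:
    """Flag NOP runs in the request as sent and in its percent-decoded form."""
    views = [("raw", raw)]
    decoded = unquote_to_bytes(raw)  # turns %90 in the URL or a form body into 0x90
    if decoded != raw:
        views.append(("percent-decoded", decoded))
    findings = []
    for name, data in views:
        length, offset = longest_nop_run(data)
        if length >= min_run:
            findings.append({"view": name, "run_length": length, "offset": offset})
    return findings


# Constructed sample requests (not captured traffic).
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
RAW_PADDING = b"GET /" + b"\x90" * 64 + b" HTTP/1.0\r\n\r\n"
ENCODED_PADDING = b"GET /cgi-bin/x?a=" + b"%90" * 40 + b" HTTP/1.0\r\n\r\n"
SHORT_RUN = b"POST /upload HTTP/1.1\r\n\r\n" + b"\x90" * 4  # below threshold, e.g. binary upload data

if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("raw", RAW_PADDING),
                       ("encoded", ENCODED_PADDING), ("short", SHORT_RUN)]:
        print(label, inspect_request(req) or "no alert")
```

Checking the percent-decoded view matters because a filter that inspects only the bytes on the wire never sees 0x90 when the padding is sent as `%90`. The threshold trades missed detections against false positives on binary request bodies that happen to contain short 0x90 runs.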

Extended Description

Versions 2.6, 7, and 8 of Sun Microsystems' Solaris operating environment ship with a service called 'snmpXdmid'. This daemon maps SNMP management requests to DMI requests and vice versa. SnmpXdmid contains a remotely exploitable buffer overflow vulnerability. The overflow occurs when snmpXdmid attempts to translate a 'malicious' DMI request into an SNMP trap. SnmpXdmid runs with root privileges, so any attacker who successfully exploits this vulnerability gains superuser access immediately.

Affected Products

Sun Solaris

Short Name
SHELLCODE:X86:X90-NOOP-HTTP-REQ
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
SHELLCODE
Keywords
(HTTP-Request) Architecture CVE-2001-0236 CVE-2002-1549 Instruction Intel NOOP Set Slide bid:2417 x86
Release Date
08/21/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Sun

CVSS Score

7.5

10.0
