Buffer overflows can lead to arbitrary command execution (EMail_Generic_Intel_Overflow)

About this signature or vulnerability

RealSecure Server Sensor, RealSecure Guard, RealSecure Desktop Protector, BlackICE Agent for Server, Proventia Server IPS for Microsoft Windows technology, Proventia Network MFS, BlackICE Server Protection, BlackICE PC Protection, RealSecure Sentry, Proventia Desktop, Proventia Server IPS for Linux technology, Proventia-G 1.1 and earlier, Proventia Network IPS, RealSecure Network:

This signature detects shell code that could overflow a buffer.

This signature replaces Generic_Intel_Overflow.


Default risk level

High

Sensors that have this signature

RealSecure Server Sensor: 7.0, RealSecure Guard: 3.6, RealSecure Desktop Protector: 3.6, BlackICE Agent for Server: 3.6, Proventia Server IPS for Microsoft Windows technology: 1.0.914.0, Proventia Network MFS: 1.0, BlackICE Server Protection: 3.6.cbd, BlackICE PC Protection: 3.6.cbd, RealSecure Sentry: 3.6, Proventia Desktop: 8.0.614.1, Proventia Server IPS for Linux technology: 1.0, Proventia-G 1.1 and earlier: G Series, Proventia Network IPS: 2.0, RealSecure Network: 7.0

Systems affected

Various vendors: Any application

Type

Denial of Service

Vulnerability description

In buffer overflow attacks, an attacker supplies data that is longer than the space available to hold it. For stack-allocated variables, this usually means the attacker can corrupt other variables and eventually change which code is executed when the function in which the overflow occurs returns.
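
The copy pattern described above next to a length-checked version, as an added C example that is not part of the original advisory. The function names, the 64-byte buffer and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64 /* constructed buffer size for this example */

/* Unsafe pattern: strcpy() copies until the NUL byte and never looks at the
 * destination size, so input of FIELD_MAX bytes or more writes past `field`
 * into neighbouring stack data. Shown for contrast; called with short input only. */
size_t store_field_unsafe(const char *value) {
    char field[FIELD_MAX];
    strcpy(field, value);
    return strlen(field);
}

/* Hardened pattern: the caller passes the destination size, and over-long
 * input is rejected before any byte is written. Returns 0 on success, -1 on reject. */
int store_field_checked(char *dst, size_t dst_size,
                        const unsigned char *src, size_t src_len) {
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    if (src_len >= dst_size)      /* need room for the terminating NUL */
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}

/* Hypothetical handler with a stack buffer, as in the description above. */
int handle_field(const unsigned char *data, size_t len) {
    char field[FIELD_MAX];
    if (store_field_checked(field, sizeof field, data, len) != 0)
        return -1;                /* reject instead of truncating silently */
    return (int)strlen(field);
}

int main(void) {
    unsigned char oversized[200]; /* constructed input, longer than FIELD_MAX */
    memset(oversized, 'A', sizeof oversized);
    printf("short input: %d\n", handle_field((const unsigned char *)"hello", 5));
    printf("200-byte input: %d\n", handle_field(oversized, sizeof oversized));
    printf("unsafe copy, short input only: %zu\n", store_field_unsafe("hello"));
    return 0;
}
```

Rejecting the over-long input, rather than truncating it, also gives the application a clear event to log when such data arrives.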

How to remove this vulnerability

Block access to hosts or networks launching these attacks. This event may indicate an attack based on previously released vulnerabilities in a server, or an attack on unpublished security vulnerabilities. If possible, remove the attacked server from the network and determine any vulnerabilities it may have.

References

Phrack Magazine, Volume 7, Issue 49, Article 14 of 16
Smashing The Stack For Fun And Profit
http://insecure.org/stf/smashstack.html

ISS X-Force
Buffer overflows can lead to arbitrary command execution
http://www.iss.net/security_center/static/2189.php