Snort mailing list archives
IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow
From: Yew Chuan Ong <yewchuan88 () gmail com>
Date: Mon, 26 Mar 2012 03:35:03 +0800
Hye guys, I experienced lots of FPs with this sig - IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow. alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow"; flow:established,to_server; dsize:>668; metadata:policy balanced-ips drop, policy security-ips drop, service imap; refer ence:bugtraq,15980; reference:cve,2005-4267; classtype:attempted-admin; sid:1732 8; rev:1;) When I checked on the payloads, these are just normal email contents (not suspicious). I am wondering why the packet size is more than 668 bytes if it is not a real buffer overflow attempt. Any ideas? Thanks. Regards Yew Chuan
------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow Yew Chuan Ong (Mar 25)
- Re: IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow rmkml (Mar 25)
- Re: IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow Yew Chuan Ong (Mar 25)
- Re: IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow rmkml (Mar 25)
- Re: IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow Joel Esler (Mar 25)
- Re: IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow Yew Chuan Ong (Mar 25)
- Re: IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow rmkml (Mar 25)
- Re: IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow Joel Esler (Mar 25)