Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
SHELLCODE:WIN:SHIKATA-GANAI-CTS |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
SHELLCODE |
Keywords |
Shikata Ga Nai Encoder Routine Over TCP-CTS |
Release Date |
2013/06/05 |
Update Number |
2270 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
SHELLCODE: Shikata Ga Nai Encoder Routine Over TCP-CTS
This signature detects payloads being transferred over network that have been encoded using Shikata Ga Nai encoder routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
Extended Description
Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message.
Affected Products
- Eureka-email eureka_email 2.2q
References
- CVE: CVE-2009-3837
- CVE: CVE-2004-1211
- URL: http://www.immunitysec.com/documentation/vs_niprint.html
- URL: http://www.stratsec.net/Research/Advisories/Procyon-Core-Server-HMI-Remote-Stack-Overflow
- URL: http://aluigi.org/adv/winlog_1-adv.txt
- URL: http://www.us-cert.gov/control_systems/pdf/ICSA-11-017-02.pdf
- URL: http://www.s3cur1ty.de/m1adv2012-001
- URL: http://www.sielcosistemi.com/en/download/public/winlog_lite.html
- URL: http://www.admin-magazine.com/Articles/How-to-Hide-a-Malicious-File
- URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02498535
- URL: http://www.rapid7.com/db/modules/encoder/x86/shikata_ga_nai