SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER PHP gdImageColorMatch heap buffer overflow file download attempt
This event is generated when a download of the PHP gdImageColorMatch exploit is detected. An attacker, using an image fulfilling certain color value conditions, can overwrite memory beyond the provided buffer and possibly execute their own arbitrary code.
Impact: Web Application Attack
Details:
Ease of Attack:
No public information
No known false positives
Cisco Talos Intelligence Group
Tactic:
Technique:
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
CVE-2019-6977: gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
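When this rule fires, the first triage question is whether the PHP hosts behind the sensor fall in the version ranges listed in the CVE text above. The following is an added example, not part of the Snort rule documentation: the function names and the sample inventory are constructed, and reading "7.x before 7.1.26" as covering 7.0.x and 7.1.x is an assumption.

```python
import re

def parse_version(text):
    """Return (major, minor, patch) from a version string, `php -v` banner or header."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(text):
    """True if the upstream PHP version is in a range the CVE-2019-6977 text lists."""
    v = parse_version(text)
    major, minor = v[0], v[1]
    if major < 7:
        return v < (5, 6, 40)   # "PHP before 5.6.40"
    if major == 7 and minor <= 1:
        return v < (7, 1, 26)   # "7.x before 7.1.26" (assumed to cover 7.0.x and 7.1.x)
    if major == 7 and minor == 2:
        return v < (7, 2, 14)   # "7.2.x before 7.2.14"
    if major == 7 and minor == 3:
        return v < (7, 3, 1)    # "7.3.x before 7.3.1"
    return False                # branches the CVE text does not list

def triage(inventory):
    """Return the sorted host names whose reported PHP version is in an affected range."""
    return sorted(host for host, banner in inventory.items() if is_affected(banner))

# Constructed sample inventory: host name -> version banner as collected.
SAMPLE_INVENTORY = {
    "web-01": "PHP 7.2.13 (cli) (built: Dec  7 2018 08:07:08) ( NTS )",
    "web-02": "X-Powered-By: PHP/7.3.1",
    "web-03": "PHP 5.6.39 (cli)",
    "web-04": "7.1.26",
    "web-05": "PHP 7.0.33 (cli)",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: upstream version in a CVE-2019-6977 affected range")
```

A match only means the upstream version number is in a listed range; distribution packages can carry a backported fix under an older version number, so confirm against the vendor's advisory, and check whether the GD extension is loaded on the host.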