Sid 1-50913

Rule Documentation
References

Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER nfs-utils TCP connection termination denial-of-service attempt

Rule Explanation

This event is generated when an attacker attempts to cause a denial-of-service on an NFS system. Impact: Detection of a Denial of Service Attack Details: Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

CVE-2004-1014

Rule Vulnerability

CVE Additional Information

CVE-2004-1014

statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.

Details
Severity	MEDIUM	Base Score	5.0
Impact Score	2.9	Exploit Score	10.0
Confidentiality Impact	NONE	Integrity Impact	NONE
Availability Impact	PARTIAL	Access Vector
Authentication	NONE	Ease of Access