Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER HP-UX lpd command execution attempt

Rule Explanation

The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473. Impact: CVSS base score 10.0 CVSS impact score 10.0 CVSS exploitability score 10.0 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE Details: Ease of Attack:

What To Look For

This rule detects commands being sent using the LPD protocol.

Known Usage

No public information

False Positives

No known false positives

Contributors

Talos research team.

Rule Groups

MITRE::ATT&CK Framework::Enterprise::Initial Access::Exploit Public-Facing Application

MITRE::ATT&CK Framework::Enterprise::Privilege Escalation::Exploitation for Privilege Escalation

CVE

Rule Vulnerability

Command Injection

Command Injection attacks target applications that allow unsafe user-supplied input. Attackers transmit this input via forms, cookies, HTTP headers, etc. and exploit the applications permissions to execute system commands without injecting code.

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2005-3277
Loading description
CVE-2002-1473
Loading description