What is contained in that email? Specifically, that check is looking for strings that could be used as the payload in a buffer overflow. There is always a chance of positives, but I would love to see what kind of legit email contains characters that could be translated to machine code in a useful fashion.

On Nov 19, 2007 5:28 PM, Albert R. Campa <[EMAIL PROTECTED]> wrote:
> Hi guys,
>
> I am getting spurts of events triggered by ISS Proventia, with the
> following vuln description:
> Vulnerability description
> In buffer overflow attacks, an attacker supplies data that is longer
> than the available space to hold it. For stack allocated variables,
> this usually means the attacker can corrupt other variables and
> eventually modify the code that is executed when the function in which
> the overflow occurs ends.
>
> http://www.iss.net/security_center/reference/vuln/EMail_Generic_Intel_Overflow.htm
>
> They are from a trusted mail server so it's not being blocked.
>
> Do you think this is just a true false positive or is this trusted
> mail server sending bad packets?
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
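
One way to answer the question of what the flagged email contains is to decode every MIME part and look at the raw bytes. This is an added example, not part of the thread and not ISS Proventia's detection logic; the 0x90 and high-byte run heuristics, the `min_run` threshold and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage


def longest_run(data, pred):
    """Length of the longest consecutive run of bytes satisfying pred."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if pred(b) else 0
        best = max(best, cur)
    return best


def triage(raw, min_run=16):
    """One row per MIME leaf part:
    (content type, decoded size, longest 0x90 run, longest >=0x80 run, flagged).
    min_run is an assumed review threshold, not a vendor value."""
    msg = message_from_bytes(raw, policy=policy.default)
    rows = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # decode=True undoes base64 / quoted-printable so we see the real bytes
        data = part.get_payload(decode=True) or b""
        nop = longest_run(data, lambda b: b == 0x90)   # x86 single-byte NOP
        high = longest_run(data, lambda b: b >= 0x80)  # non-ASCII bytes
        rows.append((part.get_content_type(), len(data), nop, high,
                     max(nop, high) >= min_run))
    return rows


def build_sample():
    """Constructed message: plain text plus a binary attachment that is
    inert filler (0x90 repeated), not working code."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("Quarterly report attached.\n")
    msg.add_attachment(b"HDR" + b"\x90" * 32 + b"\x00END",
                       maintype="application", subtype="octet-stream",
                       filename="report.bin")
    return msg.as_bytes()


if __name__ == "__main__":
    for row in triage(build_sample()):
        print(row)
```

8-bit text in non-Latin scripts and binary attachments both produce long high-byte runs, so a flagged row is a prompt to inspect that part, not a verdict.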
