SonicWall Security Center
Share: Linkedin Share Facebook Like
Back to SonicALERT


Client Application Shellcode Exploit 1 (medium risk alert)

SonicWALL wants to make you aware of the " Client Application Shellcode Exploit 1" virus that is spreading across the Internet. A medium risk alert has been issued for this threat.


Description


This signature detects and blocks a suspicious byte pattern sent from a server upon connection establishment.Exploit Category Description This SonicWALL IPS signature category consists of a group of signatures that can detect and prevent attempts to exploit known vulnerabilities on systems running on a network. Exploits take advantage of security holes in software that can allow attackers to execute arbitrary code on an unpatched machine. Because vulnerabilities in operating system and server management software are often made public prior to system administrators installing security updates and software patches, corporate networks are a major target when new vulnerabilities are discovered. Because administrators cannot realistically implement all security patches as soon as they are released, using SonicWALL signatures to block exploits at the gateway can help protect a network from debilitating attacks. Exploit attacks come in many forms. Methods include format string attacks, overflowing a stack or heap buffer (BoF), attacking signed mismatches and other arithmetic errors in memory management, and sql injection. A common method involving buffer overflows start with a remote attacker sending malformed data to a targeted system. This crafted data is too long for the target to handle. The receiving program may be improperly written and perform no bounds checking, writing the incoming request past the end of the stack, overwriting data in memory and possibly causing the computer to execute arbitrary commands contained in the request payload. At best, the code can cause the system to crash resulting in a temporary denial of service. At worst, the malicious code may provide the attacker with full system compromise, easy information theft, and a platform from which to attack more systems on the network. A successfully exploited and fully compromised system also can serve as an easy target for other threats. For example, an attack may include installing and running a backdoor on the compromised system. The backdoor services opening new ports on the system can be exploited by worms scanning for easy entry into the compromised systems. Many worms and bots use automated remote exploits as a major vector for propagation. Individual attackers can also successfully exploit a system and follow up the successful attack by installing scripts or stealth rootkits. After the initial attack is over, the attacker can then continually steal information and manipulate the infected system. Such attacks are especially damaging on servers where attackers can corrupt information, steal sensitive data, or use the system to launch attacks on other computers on the network. Because of the large amount of damage that these attacks can cause, SonicWALL exploit signatures are categorized as medium to high priority. When enabled, they can keep specific exploits from reaching a network. These signatures, however, should not be used as an alternative to patching systems on a network -- security updates are always a necessary part of preventing successful exploits.


Back to top

Back to SonicALERT

Follow: Follow us on Facebook Follow us on Twitter Join the Conversation
#SonicWall
© 2017 SonicWall | Privacy Policy | Conditions for use | Feedback | Live Demo | SonicALERT | Document Library | Report Issues
Version: 13.6 | S2MSW02