Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Gold

signature 5858-1, DNS Server RPC Interface Buffer Overflow

All the documentation seems to suggest that this overflow occurs on ports >1023. Why do all the subsigs all check 139,445?

http://tools.cisco.com/MySDN/Intelligence/viewThreat.x?threatId=5392

  • Intrusion Prevention Systems/IDS
3 REPLIES
Gold

Re: signature 5858-1, DNS Server RPC Interface Buffer Overflow

After doing a little more reading, it would appear that an authenticated attack can occur over ports 139,445. An unauthenticated attack can occur over ports >1023. So, is 5858-0 designed to provide coverage for the unauthenticated attack (I can't tell because lots of info is hidden)?

Cisco Employee

Re: signature 5858-1, DNS Server RPC Interface Buffer Overflow

Yes, you would be correct.

Gold

Re: signature 5858-1, DNS Server RPC Interface Buffer Overflow

thanks.

132
Views
0
Helpful
3
Replies
This widget could not be displayed.