CVE-2002-0391
## Snort IDS/IPS Mitigation Rules (2 rules) The following Emerging Threats Snort rules detect exploitation of this vulnerability: ### Rule 1: SID 2102095 (rev 7) **GPL RPC CMSD TCP CMSD_CREATE array buffer overflow attempt** > **Note:** This rule is currently disabled in the Emerging Threats ruleset. ```snort #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL RPC CMSD TCP CMSD_CREATE array buffer overflow attempt"; flow:to_server,established; content:"|00 01 86 E4|"; depth:4; offset:16; content:"|00 00 00 15|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; byte_test:4,>,1024,20,relative; content:"|00 00 00 00|"; depth:4; offset:8; reference:bugtraq,5356; reference:cve,2002-0391; classtype:attempted-admin; sid:2102095; rev:7; metadata:created_at 2010_09_23, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2012_01_16;) ``` --- ### Rule 2: SID 2102094 (rev 7) **GPL RPC CMSD UDP CMSD_CREATE array buffer overflow attempt** > **Note:** This rule is currently disabled in the Emerging Threats ruleset. ```snort #alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL RPC CMSD UDP CMSD_CREATE array buffer overflow attempt"; content:"|00 01 86 E4|"; depth:4; offset:12; content:"|00 00 00 15|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; byte_test:4,>,1024,20,relative; content:"|00 00 00 00|"; depth:4; offset:4; reference:bugtraq,5356; reference:cve,2002-0391; classtype:attempted-admin; sid:2102094; rev:7; metadata:created_at 2010_09_23, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2012_01_16;) ``` ### Implementation Steps 1. Deploy these rules to your Snort/Suricata IDS/IPS sensors 2. Ensure all rules are enabled in your sensor configuration 3. Monitor for alerts matching the above SIDs 4. For IPS mode, consider changing action from `alert` to `drop`
EPSS 8.26% · 92.4th percentile
Risk Scores
Timeline
- Aug 12, 2002 CVE Published
- Sep 23, 2010 PoC Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Apr 3, 2023 EPSS Score
- Apr 17, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
References
- Emerging Threats Snort Rule SID 2102095 mitigation
- https://www.securityfocus.com/bid/5356 advisory
- Emerging Threats Snort Rule SID 2102094 mitigation