Rule: -- Sid: 2490 -- Summary: This event is generated when an attempt is made to exploit a buffer overflow associated with eSignal software. -- Impact: A successful attack may allow the execution of arbitrary code with LOCAL_SYSTEM privilege on a vulnerable host. -- Detailed Information: eSignal software provides real-time stock market data to client hosts. There is a vulnerability associated with eSignal that may cause a buffer overflow, permitting the execution of arbitrary code with the context of LOCAL_SYSTEM. The buffer overflow occurs when a larger than expected data payload is supplied for certain message exchanges. -- Affected Systems: eSignal versions 7.5 and 7.6 -- Attack Scenarios: An attacker can create and send a malformed eSignal message that may cause a buffer overflow and allow the subsequent execution of arbitrary code with the context of LOCAL_SYSTEM. -- Ease of Attack: Simple. -- False Positives: None known. -- False Negatives: None known. -- Corrective Action: Upgrade to the latest non-affected version of the software. -- Contributors: Sourcefire Research Team Judy Novak <judy.novak@sourcefire.com> -- Additional References Bugtraq: http://www.securityfocus.com/bid/9978 --
