[Snort-sigs] Typo in sid 343 (-current)

Brian bmc at ...95...
Wed Apr 10 06:29:16 EDT 2002


According to Andreas Östling:
> 
> I believe it should be to_server in this one, not to_client.
> 
> alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP EXPLOIT wu-ftpd 2.6.0 
> site exec format string overflow FreeBSD"; flags:A+; flow:to_client; content: 
> "|31c0 50 50 50 b07e cd80 31db 31c0|"; depth: 32; reference:arachnids,228;
> reference:bugtraq,1387; reference:cve,CAN-2000-0573; 
> classtype:attempted-admin; sid:343; rev:3;)

Yeap, good catch.  Corrected.

-brian

-- 
"Good things don't end with -eum,
 they end with -mania and -teria!" - Homer Simpson




More information about the Snort-sigs mailing list