[Snort-sigs] SMB DOS: New Tool

Wirth, Jeff WirthJe at ...511...
Tue Aug 27 14:08:05 EDT 2002


A new tool exists for a recent (8/22) Microsoft Networking vulnerability
(Unchecked Buffer in Network Share Provider).  I've tried it against an NT
4.0 SP6a install and had a BSoD within seconds...;-)

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS
02-045.asp

The tool can be found at:

http://packetstorm.decepticons.org/0208-exploits/SMBdie.zip

Snort Signature:

alert tcp any any -> any 139 (msg:"SMBdie DOS";
content:"|00082404008|";flags:A+;)


- Jeff






More information about the Snort-sigs mailing list