[Snort-sigs] Possible rule for samba-2.2.XX exploit

Brian bmc at ...95...
Thu Apr 10 23:55:05 EDT 2003


On Thu, Apr 10, 2003 at 11:31:35AM +0200, Joerg Weber wrote:
> Ladies and Gents,
> 
> what do you think about the following suggestion for catching the
> samba-2.2.XX exploit?
> I've verified that the rule catches linux/*BSD shellcodes and it doesn't
> seem to trigger false positives.
> I'm not sure whether the depth-parameter is needed/useful, though.
> This exploit is also caught by the SHELLCODE x86 NOOP Rule, which might
> be disabled due to false positives.

We already released a rule for this vulnerability.

http://www.snort.org/snort-db/sid.html?sid=2103

-brian



