[Snort-sigs] Possible rule for samba-2.2.XX exploit

Joerg Weber j.weber at ...1338...
Fri Apr 11 03:22:10 EDT 2003


Brian,

> We already released a rule for this vulnerability.
> 
> http://www.snort.org/snort-db/sid.html?sid=2103
> 
> -brian

This rule does not work out of the box with Version 1.9.1 (Build 231),
nor does it catch the netric exploit. The reason is easy: byte_test is
not supported with 1.9.1

If removed, the rule still does not catch netric's exploit, as there are
wrong distance/within values.

Joerg

-- 
Joerg Weber
Network Security

infoServe GmbH
Nell-Breuning-Allee 6
D-66115 Saarbruecken

T: (0681) 8 80 08 - 0
F: (0681) 8 80 08 - 59
www.infos.de
E: j.weber at ...1338...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20030411/611dff0d/attachment.sig>


More information about the Snort-sigs mailing list