[Snort-sigs] BUG! Rule 1677 triggers a bug when logging to mysql
bmc at ...95...
Wed Feb 12 13:58:03 EST 2003
On Wed, Feb 12, 2003 at 02:12:43PM +0100, Martin Olsson wrote:
> Rule 1677:
> alert tcp $EXTERNAL_NET any -> $SQL_SERVERS
> $ORACLE_PORTS (msg:"ORACLE select like '%' attempt";
> flow:to_server,established; content:" where "; nocase; content:" like
> '%'"; nocase; classtype:protocol-command-decode; sid:1677; rev:3;)
> Recommended actions:
> 1. Modify all rules that might trigger this behavoiur immediately
> 2. Let the rules parser detect this kind of malformed rules at startup
This is not a rules problem. This is a problem in the implementation of
the database plugin you are using.
More information about the Snort-sigs