[Snort-sigs] SID 295

Steven Alexander alexander.s at ...1565...
Mon Jun 23 15:03:02 EDT 2003


According to exploit code located at one of the supplied reference
sites, the following rule is actually for x86 BSD and not linux:

alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP EXPLOIT x86
linux overflow"; flow:to_server,established; content:"|89d8 40cd 80e8
c8ff ffff|/";reference:bugtraq,130; reference:cve,CVE-1999-0005;
classtype:attempted-admin; sid:295; rev:5;) 

http://www.securityfocus.com/bid/130/exploit/

-steven




More information about the Snort-sigs mailing list