[Snort-sigs] snort-rules 2.1.* update @ Wed Jul 21 11:27:54 2004

Brian bmc at ...95...
Wed Aug 4 14:22:13 EDT 2004


>      alert udp $EXTERNAL_NET any -> $HOME_NET 88 (msg:"EXPLOIT kerberos principal name overflow UDP"; content:"|6A|"; depth:1; content:"|01 A1|"; asn1:oversize_length 1024,relative_offset -1; reference:url,web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt; classtype:attempted-admin; sid:2578; rev:1;)
>      alert tcp $EXTERNAL_NET any -> $HOME_NET 88 (msg:"EXPLOIT kerberos principal name overflow TCP"; flow:to_server,established; content:"|6A|"; offset:4; depth:1; content:"|01 A1|"; asn1:oversize_length 1024,relative_offset -1; reference:url,web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt; classtype:attempted-admin; sid:2579; rev:1;)

Ah, proof it did actually break and you people are not insane.

I'm thinking this was caused by the same errors in CVS syncing that
other people were having.  If anyone has this error again in the
future, please let me know ASAP.

-b




More information about the Snort-sigs mailing list