[Snort-sigs] Sig for MS04-007 exploit?

Compton, Rich RCompton at ...1352...
Wed Feb 18 14:48:04 EST 2004


Good question,
Does anybody have a reply to this?  What is the rule that will be created to
match traffic trying to exploit this vulnerability?

-Rich Compton

-----Original Message-----
From: snort-sigs-admin at lists.sourceforge.net
[mailto:snort-sigs-admin at lists.sourceforge.net]On Behalf Of Christian
Tramnitz
Sent: Sunday, February 15, 2004 2:37 PM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] Sig for MS04-007 exploit?


Does anyone already have a signature for the MS04-007 exploit?

The malicious code should be:

/* reqFlags that should trigger the overflow */
"\xA1\x05\x23\x03\x03\x01\x07"


Best regards,
   Christian


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs




More information about the Snort-sigs mailing list