[Snort-sigs] Snort Rule: 3472 inconsistency

JC monroe at ...745...
Mon Jul 25 13:46:07 EDT 2005


SID 3472: Reference URL is inconsistent with the other rules that
reference CVE in so far as 3472 uses the prefix 'can' whereas seemingly
everything else uses 'cve'.

Please change: 
alert udp $EXTERNAL_NET any -> $HOME_NET 41524 (msg:"EXPLOIT ARCserve
discovery service overflow"; dsize:>966; reference:bugtraq,12491;
reference:can,2005-0260; classtype:attempted-admin; sid:3472; rev:2;

to be 
alert udp $EXTERNAL_NET any -> $HOME_NET 41524 (msg:"EXPLOIT ARCserve
discovery service overflow"; dsize:>966; reference:bugtraq,12491;
reference:cve,2005-0260; classtype:attempted-admin; sid:3472; rev:3;

Thanks,

JC




More information about the Snort-sigs mailing list