[Snort-sigs] sid 580 and sid 1267 = cve-1999-0008 ? (snort233b14)

rmkml rmkml at ...324...
Thu Jun 9 11:00:37 EDT 2005


sid 580 is :
rpc.rules:alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap 
nisd request UDP"; content:"|00 01 86 A0|"; depth:4; offset:12; 
content:"|00 00 00 03|"; within:4; distance:4; 
byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 
01 87 CC|"; within:4; content:"|00 00 00 00|"; depth:4; offset:4; 
reference:arachnids,21; classtype:rpc-portmap-decode; sid:580; rev:9;)

sid 1267 is :
rpc.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap 
nisd request TCP"; flow:to_server,established; content:"|00 01 86 A0|"; 
depth:4; offset:16; content:"|00 00 00 03|"; within:4; distance:4; 
byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 
01 87 CC|"; within:4; content:"|00 00 00 00|"; depth:4; offset:8; 
reference:arachnids,21; classtype:rpc-portmap-decode; sid:1267; rev:11;)

cve-1999-0008 is :
Name: CVE-1999-0008
Reference: CERT:CA-98.06.nisd
Reference: SUN:00170
Reference: ISS:June10,1998
Reference: XF:nisd-bo-check
Buffer overflow in NIS+, in Sun's rpc.nisd program

Regards
Rmkml




More information about the Snort-sigs mailing list