[Snort-sigs] sid 580 and sid 1267 = cve-1999-0008 ? (snort233b14)

Kevin Wood kwood at ...3015...
Thu Jun 9 11:06:41 EDT 2005


Nice..You have a good point 

-----Original Message-----
From: snort-sigs-admin at lists.sourceforge.net
[mailto:snort-sigs-admin at lists.sourceforge.net] On Behalf Of rmkml
Sent: June 9, 2005 1:57 PM
To: Snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] sid 580 and sid 1267 = cve-1999-0008 ?
(snort233b14)

sid 580 is :
rpc.rules:alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap
nisd request UDP"; content:"|00 01 86 A0|"; depth:4; offset:12;
content:"|00 00 00 03|"; within:4; distance:4;
byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00
01 87 CC|"; within:4; content:"|00 00 00 00|"; depth:4; offset:4;
reference:arachnids,21; classtype:rpc-portmap-decode; sid:580; rev:9;)

sid 1267 is :
rpc.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap
nisd request TCP"; flow:to_server,established; content:"|00 01 86 A0|";
depth:4; offset:16; content:"|00 00 00 03|"; within:4; distance:4;
byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00
01 87 CC|"; within:4; content:"|00 00 00 00|"; depth:4; offset:8;
reference:arachnids,21; classtype:rpc-portmap-decode; sid:1267; rev:11;)

cve-1999-0008 is :
Name: CVE-1999-0008
Reference: CERT:CA-98.06.nisd
Reference: SUN:00170
Reference: ISS:June10,1998
Reference: XF:nisd-bo-check
Buffer overflow in NIS+, in Sun's rpc.nisd program

Regards
Rmkml


-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you
shotput a projector? How fast can you ride your desk chair down the
office luge track?
If you want to score the big prize, get to know the little guy.  
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs





More information about the Snort-sigs mailing list