[Snort-sigs] add ref MS-99-003 on sid 2338 ? (snort233b14)

rmkml rmkml at ...324...
Thu Jun 9 11:27:09 EDT 2005

sid 2338 is :
ftp.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP LIST 
buffer overflow attempt"; flow:to_server,established; content:"LIST"; 
nocase; pcre:"/^LIST\s[^\n]{100,}/smi"; reference:bugtraq,10181; refer
ence:bugtraq,6869; reference:bugtraq,7251; reference:bugtraq,7861; 
reference:bugtraq,8486; reference:bugtraq,9675; reference:cve,1999-0349; 
reference:cve,1999-1510; reference:cve,2000-0129; classtype:misc-atta
ck; sid:2338; rev:12;)

cve-1999-0349 is :
Name: CVE-1999-0349
Reference: EEYE:IIS Remote FTP Exploit/DoS Attack
Reference: MS:MS99-003
Reference: MSKB:Q188348
Reference: BUGTRAQ:Jan27,1999
Reference: XF:iis-remote-ftp
A buffer overflow in the FTP list (ls) command in IIS allows remote
attackers to conduct a denial of service and, in some cases, execute
arbitrary commands.

add ref MS:MS99-003 on sid 2338 ?


More information about the Snort-sigs mailing list