[Snort-sigs] remove bid 0866 on sid 1911 ? (snort233b14)

Nigel Houghton nigel at ...435...
Mon Jun 13 13:29:55 EDT 2005


Thanks for all the reference suggestions, and sorry for the delay in
replying (been otherwise occupied).

I will take a look at everything you have submitted and take some action
on each. I will endeavor to reply for each of your submissions
individually (unless I can pull them all into one place in which case I
may reply en-masse).

Please, keep the suggesstions coming, I'm sure everyone on the list
appreciates your efforts.

Thanks again.

On  0, rmkml <rmkml at ...324...> allegedly wrote:
> Hi,
> 
> sid 1911 is :
> rpc.rules:alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"RPC sadmind 
> UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt"; content:"|00 01 
> 87 88|"; depth:4; offset:12; content:"|00 00 00 01|"; within:4; 
> distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; 
> byte_jump:4,124,relative,align; byte_jump:4,20,relative,align; 
> byte_test:4,>,512,4,relative; content:"|00 00 00 00|"; depth:4; offset:4; 
> reference:bugtraq,0866; reference:bugtraq,866; reference:cve,1999-0977; 
> classtype:attempted-admin; sid:1911; rev:10;)
> 
> remove bid 0866 because already bid 866 on sid 1911 ?
> 
> regards
> Rmkml

+--------------------------------------------------------------------+
     Nigel Houghton      Research Engineer       Sourcefire Inc.
                   Vulnerability Research Team

 I require a window seat and an inflight Happy Meal, and no pickles! 
 God help you if I find pickles!




More information about the Snort-sigs mailing list