[Snort-sigs] SID 3655, 3656 info,

Nigel Houghton nigel at ...435...
Wed Jun 15 08:16:25 EDT 2005


Is there something incorrect about the existing docs for these rules?

Comments inline as an FYI for folks wanting to write documents.

On  0, Craig Mueller <cmueller at ...3095...> allegedly wrote:
> Rule:  
> 
> --
> Sid: 3655, 3656
> 
> --
> Summary:
> SMTP SEND overflow attempt 
> SMTP MAIL overflow attempt

Not enough detail here.

> --
> Impact:
> 
> --
> Detailed Information:
> 
> --
> Affected Systems:
> Windows OSR2/98/ME/XP/W2K-2000/W2k-2003

No, the affected systems are MDaemon 6.7.9.1 and prior.

> --
> Attack Scenarios:
> 
> --
> Ease of Attack:
> 
> --
> False Positives:
> 
> --
> False Negatives:
> 
> --
> Corrective Action:
> Install latest version of Alt-N MDaemon.

Upgrade to the latest non-affected version of the software.

> --
> Contributors:
> 
> -- snort-sigs at lists.sourceforge.net
> Additional References:  http://www.securityfocus.com/bid/11238]

No, this reference is included in the rules and is therefore not
additional.

+--------------------------------------------------------------------+
     Nigel Houghton      Research Engineer       Sourcefire Inc.
                   Vulnerability Research Team

 I require a window seat and an inflight Happy Meal, and no pickles! 
 God help you if I find pickles!




More information about the Snort-sigs mailing list