[Snort-sigs] new rule to detect ethereal 0.10.12 crash (slimp overflow)

rmkml rmkml at ...324...
Sat Oct 22 10:28:57 EDT 2005


Hi,

Please check and add this new rule:

dos.rules:alert udp $EXTERNAL_NET any <> $HOME_NET 1069 (msg:"DOS Ethereal slimp overflow attempt"; content:"|6C C3 B2 A1 02 00 04 00 00 00 00 00 00 00 00 00 FF FF 00 00 01 00 00 00 56 57 F7|"; reference:cve,2005-3243; classtype:attempted-dos; )

This rule must detect the slimp dissector remote buffer overflow on Ethereal
0.9.1 to 0.10.12.

Regards
Rmkml
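
A small harness for checking what the rule above does and does not match, added here as an example (it is not part of the original post and is not Snort code). It models only the rule header and the single content option; `parse_rule`, `rule_matches` and the `to_home` flag are names assumed for this sketch, and any payloads fed to it are constructed test data.

```python
import re

# The rule from the post, rejoined onto one line (file-name prefix dropped).
RULE = ('alert udp $EXTERNAL_NET any <> $HOME_NET 1069 '
        '(msg:"DOS Ethereal slimp overflow attempt"; '
        'content:"|6C C3 B2 A1 02 00 04 00 00 00 00 00 00 00 00 00 '
        'FF FF 00 00 01 00 00 00 56 57 F7|"; '
        'reference:cve,2005-3243; classtype:attempted-dos; )')


def parse_rule(rule):
    """Return (proto, bidirectional, home_port, content_bytes) for this rule shape."""
    header, options = rule.split('(', 1)
    _action, proto, _src, _sport, direction, _dst, dport = header.split()
    raw = re.search(r'content:"([^"]*)"', options).group(1)
    content = bytearray()
    # Inside content:"...", text between | | is hex; everything else is literal.
    for i, part in enumerate(raw.split('|')):
        content += bytes.fromhex(part) if i % 2 else part.encode('latin-1')
    return proto, direction == '<>', int(dport), bytes(content)


def rule_matches(rule, proto, sport, dport, payload, to_home=True):
    """Evaluate header and content against one packet.

    to_home=True means the packet travels EXTERNAL_NET -> HOME_NET;
    False means HOME_NET -> EXTERNAL_NET (hypothetical flag for this sketch).
    """
    r_proto, bidir, port, content = parse_rule(rule)
    if proto != r_proto:
        return False
    if to_home:
        header_ok = dport == port
    else:
        # The <> operator also covers traffic leaving HOME_NET from port 1069.
        header_ok = bidir and sport == port
    # The rule has no offset/depth modifiers, so the bytes may sit anywhere
    # in the UDP payload, not only at the start.
    return header_ok and content in payload
```

Because the content option carries no `offset` or `depth`, and the header uses `<>`, the rule is broader than "pattern at the start of an inbound datagram to port 1069"; the harness makes both effects testable before the rule is deployed.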



