[Snort-sigs] community set SID 100000227

Gentoo-Wally gentoowally at ...2420...
Tue Aug 1 11:57:33 EDT 2006


The following rule has a reference structure I'm not familiar with and
doesn't seem to be documented...

alert udp $EXTERNAL_NET any -> $HOME_NET 162 (msg: "COMMUNITY MISC
SNMP trap Format String detected"; content: "%s"; reference:
bugtraq,16267; reference: cve,2006-0250; reference: osvdb,22493;
classtype: attempted-recon; sid: 100000227; rev: 1; )

Should probably change the ref to 'reference: url,
www.osvdb.org/displayvuln.php?osvdb_id=22493' or add the following ref
format to the docs.

osvdb = http://www.osvdb.org/displayvuln.php?osvdb_id=

Wally




More information about the Snort-sigs mailing list