[Snort-sigs] NetBIOS sid 3218 - affected platforms?

Willst Mail willstmail at ...2420...
Wed May 12 08:40:16 EDT 2010

We see a lot of alerts for sid 3218 DCERPC NCACN-IP-TCP winreg OpenKey
overflow attempt, and in looking into detals about the vulnerability
the Snort ID site (http://www.snortid.com/snortid.asp?QueryId=1:3218)
and local file list NT 4, Windows 2000, XP, and 2003.  However, all of
the external sites (Microsoft, CVE, bugtraq) don't look like they've
been updated to include platforms beyond NT 4.

Can someone offer any insight?  I'm not familiar enough with the
dce_iface stuff to understand if we're truly affected, and with the
(out-of-date?) external sites I don't know if we should be looking for
particular patches to have been applied.

More information about the Snort-sigs mailing list