[Snort-sigs] NetBIOS sid 3218 - affected platforms?

Nigel Houghton nhoughton at ...435...
Wed May 12 08:56:18 EDT 2010


On Wed, May 12, 2010 at 8:40 AM, Willst Mail <willstmail at ...2420...> wrote:
> Hi,
> We see a lot of alerts for sid 3218 DCERPC NCACN-IP-TCP winreg OpenKey
> overflow attempt, and in looking into detals about the vulnerability
> the Snort ID site (http://www.snortid.com/snortid.asp?QueryId=1:3218)
> and local file list NT 4, Windows 2000, XP, and 2003.  However, all of
> the external sites (Microsoft, CVE, bugtraq) don't look like they've
> been updated to include platforms beyond NT 4.
>
> Can someone offer any insight?  I'm not familiar enough with the
> dce_iface stuff to understand if we're truly affected, and with the
> (out-of-date?) external sites I don't know if we should be looking for
> particular patches to have been applied.
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>


The doc is incorrect on the version numbers. The only affected version
is Windows NT 4.0. Fixing now.

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/




More information about the Snort-sigs mailing list