[Snort-sigs] NetBIOS sid 3218 - affected platforms?

Nigel Houghton nhoughton at ...435...
Wed May 12 08:59:01 EDT 2010

On Wed, May 12, 2010 at 8:56 AM, Nigel Houghton
<nhoughton at ...435...> wrote:
> On Wed, May 12, 2010 at 8:40 AM, Willst Mail <willstmail at ...2420...> wrote:
>> Hi,
>> We see a lot of alerts for sid 3218 DCERPC NCACN-IP-TCP winreg OpenKey
>> overflow attempt, and in looking into detals about the vulnerability
>> the Snort ID site (http://www.snortid.com/snortid.asp?QueryId=1:3218)
>> and local file list NT 4, Windows 2000, XP, and 2003.  However, all of
>> the external sites (Microsoft, CVE, bugtraq) don't look like they've
>> been updated to include platforms beyond NT 4.
>> Can someone offer any insight?  I'm not familiar enough with the
>> dce_iface stuff to understand if we're truly affected, and with the
>> (out-of-date?) external sites I don't know if we should be looking for
>> particular patches to have been applied.

ok, looks like the doc you referenced is out of date, the correction
was done on January 20th.

Doc is available here:


Nigel Houghton
Head Mentalist
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/

More information about the Snort-sigs mailing list