[Snort-sigs] [Snort-devel] snort rule about MS08-067

Joel Esler jesler at ...435...
Thu Feb 23 19:27:12 EST 2012


There are four rules that cover MS08-067.


 gid  sid  rev  msg
=======================================================================
  1  15015  8   NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt
  1  14896  5   NETBIOS-DG SMB v4 srvsvc NetrpPathCononicalize unicode path cononicalization stack overflow attempt
  1  14783 12   NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
  1  14782 12   NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt

If you look in the "Reference" field of the rules, you should see a Microsoft bulletin number.  A quick grep will do.

J


On Feb 23, 2012, at 5:09 PM, ndritsos <ndritsos at ...2420...> wrote:

> Hello  ,
> 
> iam searching to find the snort rules about :
> 
> MS08-067 , but unfortunately i can not find that .
> any link where i can find?
> 
> thank you in advance
> 
> ------------------------------------------------------------------------------
> Virtualization & Cloud Management Using Capacity Planning
> Cloud computing makes use of virtualization - but cloud computing 
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> 
> Please visit http://blog.snort.org for the latest news about Snort!





More information about the Snort-sigs mailing list