[Snort-sigs] IPS does not detect MS12-020 vulnerability via backtrack module

Joel Esler (jesler) jesler at ...3865...
Tue Nov 26 15:18:45 EST 2013


Lukas,

We have this bug assigned out now and are looking into it.


On Nov 26, 2013, at 5:58 AM, Lukas Matt <lukas.matt at ...525...<mailto:lukas.matt at ...525...>> wrote:

Hey guys,

one of our customer complained about SID 21619 (not readable to me).

If he runs the attack with..
https://svn.nmap.org/nmap/scripts/rdp-vuln-ms12-020.nse
.. the attack will be blocked, but if he uses Backtrack:
auxiliary/dos/windows/rdp/ms12_020_maxchannelids
... he can pass the rule.

Cheers,
Lukas


--
Lukas Matt
Deep Packet Inspection Researcher, RnD

tel: +49-721-25516-322, cell: +49-174-3440-555

Sophos Technology GmbH
Amalienbadstr. 41/Bau 52, 76227 Karlsruhe, Germany

SOPHOS Security made simple

---
Sophos Technology GmbH, Commercial Register: Mannheim HRB 712658
Headquarter Location: Amalienbadstr. 41/Bau 52 | 76227 Karlsruhe | Germany
Executive Board: Nicholas Bray, Pino von Kienlin, Richard Walford, Joachim Frost, Günter Junk

------------------------------------------------------------------------------
Shape the Mobile Experience: Free Subscription
Software experts and developers: Be at the forefront of tech innovation.
Intel(R) Software Adrenaline delivers strategic insight and game-changing
conversations that shape the rapidly evolving mobile landscape. Sign up now.
http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20131126/d428224c/attachment.html>


More information about the Snort-sigs mailing list