[Snort-users] Incorrect SID Information

beenph beenph at ...11827...
Wed Dec 5 18:53:25 EST 2012


On Wed, Dec 5, 2012 at 5:48 PM, Turnbough, Bradley E. <bturnbough at ...15997.....>
wrote:
>
> Service Pack 4 on Windows 2000 Service Pack 4 — Download the update
> Microsoft Internet Explorer 6 Service Pack 1 when installed on Windows
2000 Service Pack 4 — Download the update
> Microsoft Internet Explorer 6 for Windows XP Service Pac
The rule information it self seem's acurate in the rule it self..

binf at ...15897...:~/SNORT/etc/rules$ grep -r "11257" *.rules
browser-ie.rules:# alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET
any (msg:"BROWSER-IE Microsoft Internet Explorer colgroup tag uninitialized
memory exploit attempt"; flow:to_client,established; file_data;
content:"<colgroup"; fast_pattern:only;
pcre:"/<colgroup\s+[^>]*id\s*=\s*(?P<q1>\x22|\x27|)(?P<q2>\w+)(?P=q1)[^>]*>.*\s+(?P=q2)(\.delete)|(\.test)/smi";
metadata:policy security-ips drop, service http, service imap, service
pop3; reference:bugtraq,23771; reference:cve,2007-0944; reference:url,
technet.microsoft.com/en-us/security/bulletin/ms07-027;
classtype:attempted-user; sid:11257; rev:7;)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121205/4be1308f/attachment.html>


More information about the Snort-users mailing list