Re: BO preproc exploit published

[Matthew Watchinski <mwatchinski () sourcefire com>]

Just an FYI in snort 2.4.3 we added detection to the BO preprocessor to 
detect attempts to exploit this vulnerability (gid:sid) 105:4

105 || 4 || spp_bo: Back Orifice Snort Buffer Attack

Cheers,
Matthew Watchinski
Director, Vulnerability Research
Sourcefire, Inc.

Paul Melson wrote:

> http://isc.sans.org/diary.php?storyid=791
> http://www.frsirt.com/exploits/20051025.THCsnortbo.c.php
>
> In case you haven't already seen it.
>
> PaulM
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by the JBoss Inc.
> Get Certified Today * Register for a JBoss Training Course
> Free Certification Exam for All Training Attendees Through End of 2005
> Visit http://www.jboss.com/services/certification for more information
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>  



-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users