Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NetBIOS sid 3218 - affected platforms?

From: Nigel Houghton <nhoughton () sourcefire com>
Date: Wed, 12 May 2010 08:59:01 -0400
On Wed, May 12, 2010 at 8:56 AM, Nigel Houghton
<nhoughton () sourcefire com> wrote:

On Wed, May 12, 2010 at 8:40 AM, Willst Mail <willstmail () gmail com> wrote:

Hi,
We see a lot of alerts for sid 3218 DCERPC NCACN-IP-TCP winreg OpenKey
overflow attempt, and in looking into detals about the vulnerability
the Snort ID site (http://www.snortid.com/snortid.asp?QueryId=1:3218)
and local file list NT 4, Windows 2000, XP, and 2003.  However, all of
the external sites (Microsoft, CVE, bugtraq) don't look like they've
been updated to include platforms beyond NT 4.

Can someone offer any insight?  I'm not familiar enough with the
dce_iface stuff to understand if we're truly affected, and with the
(out-of-date?) external sites I don't know if we should be looking for
particular patches to have been applied.


ok, looks like the doc you referenced is out of date, the correction
was done on January 20th.

Doc is available here:

http://www.snort.org/search/sid/3218?r=1

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/

------------------------------------------------------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Previous By Date Next
Previous By Thread Next

Current thread: