Snort mailing list archives
Re: NetBIOS sid 3218 - affected platforms?
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Wed, 12 May 2010 08:56:18 -0400
On Wed, May 12, 2010 at 8:40 AM, Willst Mail <willstmail () gmail com> wrote:
Hi, We see a lot of alerts for sid 3218 DCERPC NCACN-IP-TCP winreg OpenKey overflow attempt, and in looking into detals about the vulnerability the Snort ID site (http://www.snortid.com/snortid.asp?QueryId=1:3218) and local file list NT 4, Windows 2000, XP, and 2003. However, all of the external sites (Microsoft, CVE, bugtraq) don't look like they've been updated to include platforms beyond NT 4. Can someone offer any insight? I'm not familiar enough with the dce_iface stuff to understand if we're truly affected, and with the (out-of-date?) external sites I don't know if we should be looking for particular patches to have been applied. ------------------------------------------------------------------------------ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
The doc is incorrect on the version numbers. The only affected version is Windows NT 4.0. Fixing now. -- Nigel Houghton Head Mentalist SF VRT http://vrt-sourcefire.blogspot.com && http://labs.snort.org/ ------------------------------------------------------------------------------ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- NetBIOS sid 3218 - affected platforms? Willst Mail (May 12)
- Re: NetBIOS sid 3218 - affected platforms? Nigel Houghton (May 12)
- Re: NetBIOS sid 3218 - affected platforms? Nigel Houghton (May 12)
- Re: NetBIOS sid 3218 - affected platforms? Nigel Houghton (May 12)