Re: Classtype accuracy?: msg#00159 security.ids.snort.sigs

Hum, guess so since the vulnerability executes as the user running IE, we'll get that fixed.

Cheers,
-matt

nnposter wrote:

I have recently run into several cases where the rule classtype seems incorrect. As an example, 2671 (WEB-CLIENT bitmap BitmapOffset integer overflow attempt) is classified as "attempted-admin", instead of
"attempted-user".

Could somebody at Sourcefire be so kind and explain the current classification rules? Or is the example above just a mistake?

TIA,
nnposter

-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-sigs mailing list
Snort-sigs@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/snort-sigs

-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl

Previous by Date:	Bleedingsnort.com Daily Update: 00159, matt
Next by Date:	Rules utilisation: 00159, Chich Thierry
Previous by Thread:	Classtype accuracy?i: 00159, nnposter
Next by Thread:	Re: Classtype accuracy?: 00159, nnposter
Indexes:	[Date] [Thread] [Top] [All Lists]