|
|
Re: Classtype accuracy?: msg#00174security.ids.snort.sigs
Matthew Watchinski wrote: > nnposter wrote: > >I have recently run into several cases where the rule classtype seems > >incorrect. As an example, 2671 (WEB-CLIENT bitmap BitmapOffset integer > >overflow attempt) is classified as "attempted-admin", instead of > >"attempted-user". > > > >Could somebody at Sourcefire be so kind and explain the current > >classification rules? Or is the example above just a mistake? > > Hum, guess so since the vulnerability executes as the user running IE, > we'll get that fixed. Another suspicious rule is 2673.3 (WEB-CLIENT libpng tRNS overflow attempt) Cheers, nnposter ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Bleedingsnort.com Daily Update: 00174, matt |
|---|---|
| Next by Date: | David Kibilka/Networking/Willich/Datasystems ist außer Haus.: 00174, dkibilka |
| Previous by Thread: | Re: Classtype accuracy?i: 00174, Matthew Watchinski |
| Next by Thread: | Broken 1429.2 (POLICY poll.gotomypc.com access): 00174, nnposter |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |