Home page logo

snort logo Snort mailing list archives

NetBIOS sid 3218 - affected platforms?
From: Willst Mail <willstmail () gmail com>
Date: Wed, 12 May 2010 08:40:16 -0400

We see a lot of alerts for sid 3218 DCERPC NCACN-IP-TCP winreg OpenKey
overflow attempt, and in looking into detals about the vulnerability
the Snort ID site (http://www.snortid.com/snortid.asp?QueryId=1:3218)
and local file list NT 4, Windows 2000, XP, and 2003.  However, all of
the external sites (Microsoft, CVE, bugtraq) don't look like they've
been updated to include platforms beyond NT 4.

Can someone offer any insight?  I'm not familiar enough with the
dce_iface stuff to understand if we're truly affected, and with the
(out-of-date?) external sites I don't know if we should be looking for
particular patches to have been applied.


Snort-sigs mailing list
Snort-sigs () lists sourceforge net

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]