GPL NETBIOS SMB OpenKey overflow attempt

SID: 2103218Rev: 50 viewsHistory

Sourceet/open

CreatedSeptember 23, 2010

UpdatedJuly 26, 2019

Classificationattempted-admin

alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"GPL NETBIOS SMB OpenKey overflow attempt"; flow:established,to_server; flowbits:isset,smb.tree.bind.winreg; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; content:"&|00|"; within:2; distance:56; content:"|5C|PIPE|5C 00|"; distance:4; nocase; byte_jump:2,-17,relative,from_beginning,little; isdataat:4,relative; content:"|05|"; byte_test:1,!&,16,3,relative; content:"|00|"; within:1; distance:1; content:"|00 0F|"; within:2; distance:19; byte_test:2,>,1024,20,relative; reference:bugtraq,1331; reference:cve,2000-0377; reference:url,www.microsoft.com/technet/security/bulletin/MS00-040.mspx; classtype:attempted-admin; sid:2103218; rev:5; metadata:created_at 2010_09_23, cve CVE_2000_0377, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

References

bugtraq	1331
cve	2000-0377
url	www.microsoft.com/technet/security/bulletin/MS00-040.mspx

Metadata

created at2010_09_23

cveCVE-2000-0377

confidenceMedium

signature severityInformational

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!