snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

源代码在线查看: 3462.txt

软件大小: 771 K
上传用户: lihuitao1987
关键词: snort Snort 2.4 入侵检测
下载地址: 免注册下载 普通下载 VIP

相关代码

				Rule:								--				Sid:				3462								--				Summary:				This event is generated when an attempt is made to overflow a buffer				using the Content-Encoding parameter.								--				Impact:				Serious. Code execution is possible.								--				Detailed Information:				Internet Explorer does not correctly handle Content-Type or				Content-Encoding headers returned from a server. It is possible to				overflow a static buffer in urlmon.dll by supplying more than 300 bytes				of data in the parameter for those headers.								Specifically the error occurs when an image tag  is used to pass				the excess data to both those header fields in a server response. Since				some email clients use Internet Explorer to process HTML email messages,				it is also possible to cause this overflow to occur via email.								--				Affected Systems:					Microsoft Windows systems								--				Attack Scenarios:				An attacker can supply a malicious HTML file to a mail client containing				excess data in the Content-Type and Content-Encoding headers that will				overflow the buffer presenting them with the opportunity to write to				various parts of memory and possibly execute code of their choosing.								--				Ease of Attack:				Simple. Exploit code is publicly available.								--				False Positives:				None known.								--				False Negatives:				None known.								--				Corrective Action:				Upgrade to the latest non-affected version of the software.								--				Contributors:				Sourcefire Research Team				Alex Kirk 				Nigel Houghton 								--				Additional References								--							

相关资源