Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
619
Views
0
Helpful
1
Replies

IPS Tuning - Example Windows SMTP Overflow 5561

Go to solution
rmeans
Level 3
Level 3

‎09-10-2008 04:25 AM - edited ‎03-10-2019 04:17 AM

I have recently deployed a couple of IPS sensors. The sensor alarmed on sig 5561/0 (Windows SMTP Overflow).

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=5561&signatureSubId=0&softwareVersion=6.0&releaseVersion=S339

From the link, the signature was updated in June 2008. The CVE is dated 2004 and Microsoft issued patches in 2004. Why is Cisco updating signatures for 4 year old vulnerabilities?

Is this latest release/update for a new vulnerability?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
wsulym
Cisco Employee
Cisco Employee

‎09-10-2008 04:52 AM

It was not a new vulnerability. The updated signature released in S339 coincides with the E2 engine release. 5561-0 is a meta-engine signature and the "update" that was done at the S339 release was to explicitly set a "all components required" flag to true.

Any change that changes the signature xml results in a revision/update.

Hope that helps.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
wsulym
Cisco Employee
Cisco Employee

‎09-10-2008 04:52 AM

It was not a new vulnerability. The updated signature released in S339 coincides with the E2 engine release. 5561-0 is a meta-engine signature and the "update" that was done at the S339 release was to explicitly set a "all components required" flag to true.

Any change that changes the signature xml results in a revision/update.

Hope that helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card