""GPL SQL from_tz buffer overflow attempt""

SID: 2102644

Revision: 4

Class Type: attempted-user

Metadata: created_at 2010_09_23, confidence High, updated_at 2012_09_24

Reference:

• Link

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $SQL_SERVERS

Destination Port: $ORACLE_PORTS

Flow: to_server,established

Contents:

• Value: "FROM_TZ"

Within:

PCRE: "/(\sTIMESTAMP\s(\s(\x27[^\x27]+'|\x22[^\x22]+\x22)\s,)\s*((\x27[^\x27]{1000})|(\x22[^\x22]{1000}))/Rmsi"

Special Options:

• nocase

source