Administrator's Guide

Templates and Alerts
Buffer Overflow Template
Appendix A
NOTE: Refer to Table B-1 in Appendix B for the definition of argv[10] through argv[32] that can be used to access specific alert information (i.e., pid, ppid) without having to parse the string alert fields above.
Limitations

The template does not detect whether a buffer overflow attack was actually successful; it only detects that one might have been attempted.

The template only reports exec-on-stack buffer overflow attacks on HP-UX 11i when exec-on-stack protection is enabled.
Table A-5 Argument with Non-printable Character Alert Properties (Continued)

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[9] | Local Time | Integer | <secs> | Local time in number of seconds since epoch when a privileged setuid program was run with an argument that contains a non-printable character. |