Host Intrusion Detection System Administrator's Guide Release 3.1
Templates and Alerts
Buffer Overflow Template
Appendix A
Table A-5 Argument with Non-printable Character Alert Properties (Continued)

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[3] | Severity | Integer | 1 | Alert severity |
| argv[4] | UTC Time | Integer | <secs> | UTC time in number of seconds since epoch when a privileged setuid program was run with an argument that contains a nonprintable character |
| argv[5] | Attacker | String | uid=<uid>, gid=<gid>, pid=<pid>, ppid=<ppid> | The user ID, group ID, process ID, and parent process ID of the process that executed a privileged setuid program with an argument that contains a nonprintable character |
| argv[6] | Target of Attack | String | file=<full pathname>,type=<type>,mode=<mode>,uid=<uid>,gid=<gid>,inode=<inode>,device=<device> | The full path name of the setuid program the attacker executed with an argument that contains a nonprintable character and the program’s type, mode, uid, gid, inode, and device number |
| argv[7] | Summary | String | Potential Buffer overflow detected. | Alert summary |
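Added example (not part of the guide and not one of the product's own response scripts): a response program in Python that parses argv[3] through argv[7] as laid out in Table A-5 and escapes nonprintable characters before the values are logged. The sample values, the placeholders for argv[1] and argv[2], and the tolerance for whitespace after commas are assumptions.

```python
import re
from datetime import datetime, timezone

# Added example. Layouts follow Table A-5; optional whitespace after commas is
# an assumption. The file= group is greedy and the trailing keys are anchored,
# so a path name that itself contains commas is still captured whole.
ATTACKER_RE = re.compile(
    r"uid=(?P<uid>[^,]*),\s*gid=(?P<gid>[^,]*),"
    r"\s*pid=(?P<pid>[^,]*),\s*ppid=(?P<ppid>[^,]*)\Z")
TARGET_RE = re.compile(
    r"file=(?P<file>.*),\s*type=(?P<type>[^,]*),\s*mode=(?P<mode>[^,]*),"
    r"\s*uid=(?P<uid>[^,]*),\s*gid=(?P<gid>[^,]*),"
    r"\s*inode=(?P<inode>[^,]*),\s*device=(?P<device>[^,]*)\Z", re.DOTALL)

def printable(text):
    """Escape control and non-ASCII characters before the value reaches a log."""
    return text.encode("unicode_escape").decode("ascii")

def parse_alert(argv):
    """Turn argv[3]..argv[7] of a response program into a dictionary."""
    if len(argv) < 8:
        raise ValueError("expected argv[0] through argv[7]")
    attacker = ATTACKER_RE.match(argv[5])
    target = TARGET_RE.match(argv[6])
    if attacker is None or target is None:
        raise ValueError("argv[5] or argv[6] does not match Table A-5")
    when = datetime.fromtimestamp(int(argv[4]), tz=timezone.utc)
    return {
        "severity": int(argv[3]),
        "time": when.isoformat(),
        "attacker": attacker.groupdict(),
        "target": {k: printable(v) for k, v in target.groupdict().items()},
        "summary": printable(argv[7]),
    }

# Constructed sample invocation; argv[1] and argv[2] are placeholders because
# this page of the table does not describe them.
SAMPLE_ARGV = [
    "response.py", "<argv1>", "<argv2>", "1", "1100000000",
    "uid=104, gid=20, pid=2211, ppid=2190",
    "file=/usr/bin/a,b\x07,type=regular,mode=104555,uid=0,gid=3,"
    "inode=1234,device=40/3",
    "Potential Buffer overflow detected.",
]

if __name__ == "__main__":
    print(parse_alert(SAMPLE_ARGV))
```

The parser treats every field as data: nothing from the alert is passed to a shell or evaluated, and malformed input raises an error instead of being partially accepted.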