File: 100000121.txt

snort 2.7.0-20.4
Rule: 

--
Sid: 
100000121

-- 
Summary: 
This event is generated when a script named "test" is accessed from a location 
outside of EXTERNAL_NET.

-- 

Impact: 
Varies depending upon the script.

--
Detailed Information:
Generally speaking, scripts named "test" should not be accessed by anyone 
outside of the developer's internal network. These scripts often lack proper 
input sanitization, often allow unfettered access to sensitive resources, and 
can suffer from a host of vulnerabilities because developers generally do not 
have security in mind when testing a script. 

--
Affected Systems:
Any system with an improperly secured developer test script.

--

Attack Scenarios: 
Attacks vary depending upon the nature of the script.

-- 

Ease of Attack: 
The ease of attack varies depending upon the nature of the script.

-- 

False Positives:
Some scripts may legitimately be named "test", or developers may access these 
scripts from outside of their internal development environment. Users who are 
receiving an inordinate number of false positives may wish to disable this rule.

--
False Negatives:
None Known.

-- 

Corrective Action: 
Test scripts should be properly hardened if they are made publicly available, 
or access to them should be restricted to authorized personnel.
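
To check whether access is actually restricted, the following added example 
(not part of the Snort documentation or rule set) audits web server access 
logs for requests to a script named "test" from non-internal clients, with an 
allowlist for the legitimate files mentioned under False Positives. The 
internal ranges, the allowlist entry, the Common Log Format input and the 
definition of a script "named test" are all assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit, unquote

# Assumptions (not from the Snort documentation): internal ranges, log format,
# and what counts as a script "named test" (basename "test", any extension).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
ALLOWED_PATHS = {"/docs/test.html"}  # known-legitimate files named "test"
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
TEST_NAME = re.compile(r"^test(\.[a-z0-9]+)?$", re.IGNORECASE)

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def external_test_hits(lines):
    """Return (client, path, status) for external requests to a script named test."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not Common Log Format
        client, _method, target, status = m.groups()
        # Decode percent-encoding and drop the query string before matching.
        path = unquote(urlsplit(target).path)
        name = path.rsplit("/", 1)[-1]
        if not TEST_NAME.match(name) or path in ALLOWED_PATHS:
            continue
        try:
            if is_internal(client):
                continue
        except ValueError:
            pass  # hostname instead of an IP address: treat as external
        hits.append((client, path, int(status)))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/test.cgi?x=1 HTTP/1.1" 200 512',
    '10.1.2.3 - - [01/Jan/2024:10:00:01 +0000] "GET /test.php HTTP/1.1" 200 128',
    '198.51.100.9 - - [01/Jan/2024:10:00:02 +0000] "GET /docs/test.html HTTP/1.1" 200 900',
    '198.51.100.9 - - [01/Jan/2024:10:00:03 +0000] "GET /%74est.PHP HTTP/1.1" 404 0',
    '203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /latest.php HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for hit in external_test_hits(SAMPLE):
        print(hit)
```

Hits with a 200 status mark test scripts that are reachable from outside and 
should be hardened or restricted first.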

--
Contributors: 
Alex Kirk <alex.kirk@sourcefire.com>

-- 
Additional References:

--