cvs

The cvs rule option is used to detect CVS vulnerabilities, and currently only one vulnerability is able to be detected: "Malformed Entry Modified and Unchanged flag insertion". This optional specifically looks for attempts to exploit a heap buffer overflow in CVS via malformed "Entry lines".

Each CVS vulnerability corresponds to an option name in Snort, and that option name is what's passed to the cvs option as an argument. But because there's currently only one CVS vulnerability that Snort can detect, there's only one option available: invalid-entry.

Format:

cvs:option;

Examples:

cvs:invalid-entry;