Network Security: Detailed info on [Snort-sigs] PNG vulnerabilities and more

Subject:	[Snort-sigs] PNG vulnerabilities and more
Date:	Wed, 18 Aug 2004 14:03:35 -0700 (PDT)

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"libPNG - Remotely exploitable stack-based buffer
overrun in png_handle_tRNS";
pcre:"/\x89\x50\x4E\x47\x0D\x0A\x1A\x0A([\s\S]){17}\x03/Ri";
content:"tRNS"; byte_jump:4, -8, relative, big;
pcre:"/([\s\S]){8}/R";
pcre:"/([a-zA-Z]){2}[A-Z][a-zA-Z]/R";
reference:url,http.www.securiteam.com/unixfocus/5ZP0C0KDPG.html;
classtype:misc-activity; sid:2000000; rev:1;)

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"Microsoft Windows 2000 WebDAV / ntdll.dll Buffer
Overflow";
content:"%9C%8D%85\%FE%FF%FFP%FFU%98%8B@%10%8B%08%89%8DX%FE%FFHTTP/1.1";
rawbytes; nocase;
reference:url,http.securityresponse.symantec.com/avcenter/security/Content/3.17.2003.html;
classtype:misc-activity; sid:2000000; rev:1;)

alert tcp any any -> any any (msg:"Adobe
Acrobat/Acrobat Reader ActiveX Control Buffer Overflow
Vulnerability";
pcre:"/[\w]+\.pdf%00[\w-_\.!~*'"\(\)]+HTTP\/1\.1/Bi";
reference:url,http.www.securiteam.com/windowsntfocus/5BP0D20DPW.html;
classtype:misc-activity; sid:2000000; rev:1;)

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET 2702
(msg:"Denial of Service in Microsoft SMS Client";
content:"RCH0####RCHE"; isdataat:130,
relative;reference:url,http.www.securiteam.com/windowsntfocus/5WP0N1FDFW.html;
classtype:misc-activity; sid:2000000; rev:1;)

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"Unchecked Buffer in mstask.dll";
pcre:"/iframe[\s\S]+src[\s]*=[\s\S]+\.job/i";
reference:url,http.www.securiteam.com/windowsntfocus/5GP0B2ADFQ.html;
classtype:misc-activity; sid:2000000; rev:1;)

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"Internet Explorer Memory Corruption Bug";
pcre:"/<STYLE>[\s\S]*@\;\/*/i";
reference:url,http.www.securiteam.com/windowsntfocus/5XP051FDFM.html;
classtype:misc-activity; sid:2000000; rev:1;)




                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail 


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-sigs] PNG vulnerabilities and more, Joseph Gama <= Re: [Snort-sigs] PNG vulnerabilities and more, Joe Stewart Re: [Snort-sigs] PNG vulnerabilities and more, Joseph Gama Re: [Snort-sigs] PNG vulnerabilities and more, Joe Stewart

Previous by Date:	[Snort-sigs] Mozilla vulnerabilities, Joseph Gama
Next by Date:	Re: [Snort-sigs] Snort rules question., Matt Kettler
Previous by Thread:	[Snort-sigs] Mozilla vulnerabilities, Joseph Gama
Next by Thread:	Re: [Snort-sigs] PNG vulnerabilities and more, Joe Stewart
Indexes:	[Date] [Thread] [Top] [All Lists]