[Snort-sigs] New rule for detect GFI MailSecurity Header Overflow

Hi,

Please check and add this two new rules :

web-iis.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXPLOIT 
GFI MailSecurity Mgmt Host Overflow attempt"; flow:to_server,established; 
content:"Host"; nocase; pcre:"/^Host[^s]{100}/smi"; reference:bugtraq,15081; 
reference:osvdb,19926; classtype:attempted-admin; )

web-iis.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXPLOIT 
GFI MailSecurity Mgmt Accept Overflow attempt"; flow:to_server,established;
content:"Accept"; nocase; pcre:"/^Accept[^s]{100}/smi"; reference:bugtraq,15081;
reference:osvdb,19926; classtype:attempted-admin; )

Im choosed web-iis.rules file because GFI MailSecurity product is running 
on win32 platform (on iis srv).

Regards
Rmkml


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs