
[Snort-sigs] Sourcefire VRT Certified Rules Update

Subject: [Snort-sigs] Sourcefire VRT Certified Rules Update
Date: Wed, 09 Nov 2005 17:55:31 -0500

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire Vulnerability Research Team (VRT) has learned of
vulnerabilities affecting the Microsoft Windows shell environment,
Oracle, Samba and Macromedia Flash. The Sourcefire VRT has also
enhanced detection for a number of rules issued in previous rule pack
releases.


Details:
A vulnerability in the way that the Windows shell handles the file
properties of a shortcut file may allow an attacker to overflow a fixed
length buffer and execute code of their choosing on the target system.

Rules to detect attempts to exploit this vulnerability are included in
this rule pack and are identified as sids 4643 and 4644.

A vulnerability exists in the Oracle Enterprise Manager Application
Server Control application. This application does not properly check
the length of user supplied data in parameters sent to the listening
service. An attacker may be able to overflow a fixed length buffer and
execute code of their choosing on an affected system.

Rules to detect attempts to exploit this vulnerability are included in
this rule pack and are identified as sids 4642, 4646 and 4677.

A vulnerability in Samba exists due to a programming error which may
present an attacker with the opportunity to exploit the service and run
code of their choosing on an affected system. The attacker may also
cause a DoS condition in the service or possibly gain unauthorized
access to the target host.

Rules to detect attempts to exploit this vulnerability are included in
this rule pack and are identified as sids 4651 through 4674.

A programming error in certain versions of the Macromedia Flash Player
may allow an attacker to run code of their choosing on a victim host.
The Player does not perform stringent bounds checking when processing
flash movies, which may permit an attacker to include code of their
choosing into a malicious flash format file.

A rule to detect attempts to exploit this vulnerability is included in
this rule pack and is identified as sid 4675.

New rules:
4642 - ORACLE sys.pbsde.init buffer overflow attempt (oracle.rules)
4643 - WEB-CLIENT malformed windows shortcut file buffer overflow
attempt (web-client.rules)
4644 - WEB-CLIENT malformed windows shortcut file with comment buffer
overflow attempt (web-client.rules)
4645 - IMAP search format string attempt (imap.rules)
4646 - IMAP search literal format string attempt (imap.rules)
4647 - WEB-CLIENT internet explorer javascript onload denial of
service attempt (web-client.rules)
4648 - WEB-CLIENT wang image admin activex object access
(web-client.rules)
4649 - MYSQL CREATE FUNCTION buffer overflow attempt (mysql.rules)
4650 - WEB-MISC cacti graph_image.php access (web-misc.rules)
4651 - NETBIOS SMB NT Trans NT SET SECURITY DESC SACL overflow attempt
(netbios.rules)
4652 - NETBIOS SMB NT Trans NT SET SECURITY DESC andx SACL overflow
attempt (netbios.rules)
4653 - NETBIOS SMB NT Trans NT SET SECURITY DESC unicode SACL overflow
attempt (netbios.rules)
4654 - NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx SACL
overflow attempt (netbios.rules)
4655 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC SACL overflow
attempt (netbios.rules)
4656 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC andx SACL overflow
attempt (netbios.rules)
4657 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode SACL
overflow attempt (netbios.rules)
4658 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode andx SACL
overflow attempt (netbios.rules)
4659 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC SACL overflow
attempt (netbios.rules)
4660 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC andx SACL overflow
attempt (netbios.rules)
4661 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode SACL
overflow attempt (netbios.rules)
4662 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode andx SACL
overflow attempt (netbios.rules)
4663 - NETBIOS SMB NT Trans NT SET SECURITY DESC DACL overflow attempt
(netbios.rules)
4664 - NETBIOS SMB NT Trans NT SET SECURITY DESC andx DACL overflow
attempt (netbios.rules)
4665 - NETBIOS SMB NT Trans NT SET SECURITY DESC unicode DACL overflow
attempt (netbios.rules)
4666 - NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx DACL
overflow attempt (netbios.rules)
4667 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC DACL overflow
attempt (netbios.rules)
4668 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC andx DACL overflow
attempt (netbios.rules)
4669 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode DACL
overflow attempt (netbios.rules)
4670 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode andx DACL
overflow attempt (netbios.rules)
4671 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC DACL overflow
attempt (netbios.rules)
4672 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC andx DACL overflow
attempt (netbios.rules)
4673 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode DACL
overflow attempt (netbios.rules)
4674 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode andx DACL
overflow attempt (netbios.rules)
4675 - WEB-CLIENT Macromedia swf DOACTION tag overflow attempt
(web-client.rules)
4676 - ORACLE enterprise manager application server control POST
parameter overflow attempt (oracle.rules)
4677 - ORACLE enterprise manager application server control GET
parameter overflow attempt (oracle.rules)
4678 - WEB-CLIENT quicktime movie file transfer (web-client.rules)
4679 - WEB-CLIENT quicktime movie file component name integer overflow
multipacket attempt (web-client.rules)
4680 - WEB-CLIENT quicktime movie file component name integer overflow
attempt (web-client.rules)

Updated rules:
324 - FINGER null request (finger.rules)
904 - WEB-COLDFUSION exampleapp application.cfm (web-coldfusion.rules)
905 - WEB-COLDFUSION application.cfm access (web-coldfusion.rules)
906 - WEB-COLDFUSION getfile.cfm access (web-coldfusion.rules)
1042 - WEB-IIS view source via translate header (web-iis.rules)
1600 - WEB-CGI htsearch arbitrary configuration file attempt
(web-cgi.rules)
1973 - FTP MKD overflow attempt (ftp.rules)
2570 - WEB-MISC Invalid HTTP Version String (web-misc.rules)
3442 - DOS WIN32 TCP print service overflow attempt (dos.rules)
4143 - EXPLOIT lpd receive printer job cascade adaptor protocol
request (exploit.rules)
4144 - EXPLOIT lpd Solaris unlink file attempt (exploit.rules)
4381 - NETBIOS SMB spoolss alter context attempt (netbios.rules)
4382 - NETBIOS SMB spoolss andx alter context attempt (netbios.rules)
4383 - NETBIOS SMB spoolss WriteAndX alter context attempt (netbios.rules)
4384 - NETBIOS SMB spoolss WriteAndX andx alter context attempt
(netbios.rules)
4385 - NETBIOS SMB spoolss unicode alter context attempt (netbios.rules)
4386 - NETBIOS SMB spoolss WriteAndX unicode alter context attempt
(netbios.rules)
4387 - NETBIOS SMB spoolss unicode andx alter context attempt
(netbios.rules)
4388 - NETBIOS SMB spoolss WriteAndX unicode andx alter context
attempt (netbios.rules)
4389 - NETBIOS SMB spoolss little endian alter context attempt
(netbios.rules)
4390 - NETBIOS SMB spoolss WriteAndX little endian alter context
attempt (netbios.rules)
4391 - NETBIOS SMB spoolss little endian andx alter context attempt
(netbios.rules)
4392 - NETBIOS SMB spoolss WriteAndX little endian andx alter context
attempt (netbios.rules)
4393 - NETBIOS SMB spoolss unicode little endian alter context attempt
(netbios.rules)
4394 - NETBIOS SMB spoolss WriteAndX unicode little endian alter
context attempt (netbios.rules)
4395 - NETBIOS SMB spoolss unicode little endian andx alter context
attempt (netbios.rules)
4396 - NETBIOS SMB spoolss WriteAndX unicode little endian andx alter
context attempt (netbios.rules)
4397 - NETBIOS SMB spoolss bind attempt (netbios.rules)
4398 - NETBIOS SMB spoolss andx bind attempt (netbios.rules)
4399 - NETBIOS SMB spoolss WriteAndX bind attempt (netbios.rules)
4400 - NETBIOS SMB spoolss WriteAndX andx bind attempt (netbios.rules)
4401 - NETBIOS SMB spoolss unicode bind attempt (netbios.rules)
4402 - NETBIOS SMB spoolss WriteAndX unicode bind attempt (netbios.rules)
4403 - NETBIOS SMB spoolss unicode andx bind attempt (netbios.rules)
4404 - NETBIOS SMB spoolss WriteAndX unicode andx bind attempt
(netbios.rules)
4405 - NETBIOS SMB spoolss little endian bind attempt (netbios.rules)
4406 - NETBIOS SMB spoolss WriteAndX little endian bind attempt
(netbios.rules)
4407 - NETBIOS SMB spoolss little endian andx bind attempt (netbios.rules)
4408 - NETBIOS SMB spoolss WriteAndX little endian andx bind attempt
(netbios.rules)
4409 - NETBIOS SMB spoolss unicode little endian bind attempt
(netbios.rules)
4410 - NETBIOS SMB spoolss WriteAndX unicode little endian bind
attempt (netbios.rules)
4411 - NETBIOS SMB spoolss unicode little endian andx bind attempt
(netbios.rules)
4412 - NETBIOS SMB spoolss WriteAndX unicode little endian andx bind
attempt (netbios.rules)
4413 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX little endian
andx overflow attempt (netbios.rules)
4414 - NETBIOS SMB spoolss AddPrinterEx little endian overflow attempt
(netbios.rules)
4415 - NETBIOS SMB spoolss AddPrinterEx little endian andx overflow
attempt (netbios.rules)
4416 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode little
endian overflow attempt (netbios.rules)
4417 - NETBIOS SMB v4 spoolss AddPrinterEx unicode little endian
overflow attempt (netbios.rules)
4418 - NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode little
endian overflow attempt (netbios.rules)
4419 - NETBIOS SMB spoolss AddPrinterEx WriteAndX little endian
overflow attempt (netbios.rules)
4420 - NETBIOS SMB v4 spoolss AddPrinterEx little endian andx overflow
attempt (netbios.rules)
4421 - NETBIOS SMB spoolss AddPrinterEx unicode little endian overflow
attempt (netbios.rules)
4422 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode little
endian andx overflow attempt (netbios.rules)
4423 - NETBIOS SMB spoolss AddPrinterEx unicode little endian andx
overflow attempt (netbios.rules)
4424 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode andx
overflow attempt (netbios.rules)
4425 - NETBIOS SMB v4 spoolss AddPrinterEx little endian overflow
attempt (netbios.rules)
4426 - NETBIOS SMB v4 spoolss AddPrinterEx unicode little endian andx
overflow attempt (netbios.rules)
4427 - NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode little
endian andx overflow attempt (netbios.rules)
4428 - NETBIOS SMB spoolss AddPrinterEx WriteAndX little endian andx
overflow attempt (netbios.rules)
4429 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX little endian
overflow attempt (netbios.rules)
4430 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX overflow attempt
(netbios.rules)
4431 - NETBIOS SMB spoolss AddPrinterEx WriteAndX overflow attempt
(netbios.rules)
4432 - NETBIOS SMB v4 spoolss AddPrinterEx unicode andx overflow
attempt (netbios.rules)
4433 - NETBIOS SMB spoolss AddPrinterEx unicode andx overflow attempt
(netbios.rules)
4434 - NETBIOS SMB v4 spoolss AddPrinterEx overflow attempt
(netbios.rules)
4435 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode overflow
attempt (netbios.rules)
4436 - NETBIOS SMB v4 spoolss AddPrinterEx unicode overflow attempt
(netbios.rules)
4437 - NETBIOS SMB v4 spoolss AddPrinterEx andx overflow attempt
(netbios.rules)
4438 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX andx overflow
attempt (netbios.rules)
4439 - NETBIOS SMB spoolss AddPrinterEx overflow attempt (netbios.rules)
4440 - NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode overflow
attempt (netbios.rules)
4441 - NETBIOS SMB spoolss AddPrinterEx andx overflow attempt
(netbios.rules)
4442 - NETBIOS SMB spoolss AddPrinterEx WriteAndX andx overflow
attempt (netbios.rules)
4443 - NETBIOS SMB spoolss AddPrinterEx unicode overflow attempt
(netbios.rules)
4444 - NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode andx
overflow attempt (netbios.rules)
4445 - NETBIOS SMB-DS spoolss alter context attempt (netbios.rules)
4446 - NETBIOS SMB-DS spoolss andx alter context attempt (netbios.rules)
4447 - NETBIOS SMB-DS spoolss WriteAndX alter context attempt
(netbios.rules)
4448 - NETBIOS SMB-DS spoolss WriteAndX andx alter context attempt
(netbios.rules)
4449 - NETBIOS SMB-DS spoolss unicode alter context attempt
(netbios.rules)
4450 - NETBIOS SMB-DS spoolss WriteAndX unicode alter context attempt
(netbios.rules)
4451 - NETBIOS SMB-DS spoolss unicode andx alter context attempt
(netbios.rules)
4452 - NETBIOS SMB-DS spoolss WriteAndX unicode andx alter context
attempt (netbios.rules)
4453 - NETBIOS SMB-DS spoolss little endian alter context attempt
(netbios.rules)
4454 - NETBIOS SMB-DS spoolss WriteAndX little endian alter context
attempt (netbios.rules)
4455 - NETBIOS SMB-DS spoolss little endian andx alter context attempt
(netbios.rules)
4456 - NETBIOS SMB-DS spoolss WriteAndX little endian andx alter
context attempt (netbios.rules)
4457 - NETBIOS SMB-DS spoolss unicode little endian alter context
attempt (netbios.rules)
4458 - NETBIOS SMB-DS spoolss WriteAndX unicode little endian alter
context attempt (netbios.rules)
4459 - NETBIOS SMB-DS spoolss unicode little endian andx alter context
attempt (netbios.rules)
4460 - NETBIOS SMB-DS spoolss WriteAndX unicode little endian andx
alter context attempt (netbios.rules)
4461 - NETBIOS SMB-DS spoolss bind attempt (netbios.rules)
4462 - NETBIOS SMB-DS spoolss andx bind attempt (netbios.rules)
4463 - NETBIOS SMB-DS spoolss WriteAndX bind attempt (netbios.rules)
4464 - NETBIOS SMB-DS spoolss WriteAndX andx bind attempt (netbios.rules)
4465 - NETBIOS SMB-DS spoolss unicode bind attempt (netbios.rules)
4466 - NETBIOS SMB-DS spoolss WriteAndX unicode bind attempt
(netbios.rules)
4467 - NETBIOS SMB-DS spoolss unicode andx bind attempt (netbios.rules)
4468 - NETBIOS SMB-DS spoolss WriteAndX unicode andx bind attempt
(netbios.rules)
4469 - NETBIOS SMB-DS spoolss little endian bind attempt (netbios.rules)
4470 - NETBIOS SMB-DS spoolss WriteAndX little endian bind attempt
(netbios.rules)
4471 - NETBIOS SMB-DS spoolss little endian andx bind attempt
(netbios.rules)
4472 - NETBIOS SMB-DS spoolss WriteAndX little endian andx bind
attempt (netbios.rules)
4473 - NETBIOS SMB-DS spoolss unicode little endian bind attempt
(netbios.rules)
4474 - NETBIOS SMB-DS spoolss WriteAndX unicode little endian bind
attempt (netbios.rules)
4475 - NETBIOS SMB-DS spoolss unicode little endian andx bind attempt
(netbios.rules)
4476 - NETBIOS SMB-DS spoolss WriteAndX unicode little endian andx
bind attempt (netbios.rules)
4477 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX little endian
andx overflow attempt (netbios.rules)
4478 - NETBIOS SMB-DS spoolss AddPrinterEx little endian overflow
attempt (netbios.rules)
4479 - NETBIOS SMB-DS spoolss AddPrinterEx little endian andx overflow
attempt (netbios.rules)
4480 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode little
endian overflow attempt (netbios.rules)
4481 - NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode little endian
overflow attempt (netbios.rules)
4482 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode little
endian overflow attempt (netbios.rules)
4483 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX little endian
overflow attempt (netbios.rules)
4484 - NETBIOS SMB-DS v4 spoolss AddPrinterEx little endian andx
overflow attempt (netbios.rules)
4485 - NETBIOS SMB-DS spoolss AddPrinterEx unicode little endian
overflow attempt (netbios.rules)
4486 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode little
endian andx overflow attempt (netbios.rules)
4487 - NETBIOS SMB-DS spoolss AddPrinterEx unicode little endian andx
overflow attempt (netbios.rules)
4488 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode andx
overflow attempt (netbios.rules)
4489 - NETBIOS SMB-DS v4 spoolss AddPrinterEx little endian overflow
attempt (netbios.rules)
4490 - NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode little endian
andx overflow attempt (netbios.rules)
4491 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode little
endian andx overflow attempt (netbios.rules)
4492 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX little endian
andx overflow attempt (netbios.rules)
4493 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX little endian
overflow attempt (netbios.rules)
4494 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX overflow
attempt (netbios.rules)
4495 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX overflow attempt
(netbios.rules)
4496 - NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode andx overflow
attempt (netbios.rules)
4497 - NETBIOS SMB-DS spoolss AddPrinterEx unicode andx overflow
attempt (netbios.rules)
4498 - NETBIOS SMB-DS v4 spoolss AddPrinterEx overflow attempt
(netbios.rules)
4499 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode
overflow attempt (netbios.rules)
4500 - NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode overflow attempt
(netbios.rules)
4501 - NETBIOS SMB-DS v4 spoolss AddPrinterEx andx overflow attempt
(netbios.rules)
4502 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX andx overflow
attempt (netbios.rules)
4503 - NETBIOS SMB-DS spoolss AddPrinterEx overflow attempt
(netbios.rules)
4504 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode overflow
attempt (netbios.rules)
4505 - NETBIOS SMB-DS spoolss AddPrinterEx andx overflow attempt
(netbios.rules)
4506 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX andx overflow
attempt (netbios.rules)
4507 - NETBIOS SMB-DS spoolss AddPrinterEx unicode overflow attempt
(netbios.rules)
4508 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode andx
overflow attempt (netbios.rules)

- Sourcefire VRT


