This message is to announce the availability of an update for the
Sourcefire community rule set, which can be downloaded free of cost or
registration from http://www.snort.org/pub-bin/downloads.cgi.
New rules in this release are identified as SIDs 100000199-100000206.
These rules detect logins attempts to the Symantec Brightmail Antispam
system using a default password; access to the Novell eDirectory
iMonitor system, which is vulnerable to a buffer overflow attack; access
to a script within the CuteNews system that is vulnerable to arbitrary
code injection; and access to page/parameter sets in the DeluxeBB system
which are vulnerable to SQL injection attacks.
Sourcefire would like to thank rmkml for submitting these rules. As a
reminder, anyone who wishes to submit rules may do so at
http://www.snort.org/reg-bin/rulesubmit.cgi.
A list of new rules and their SIDs follows.
Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.
100000199 || COMMUNITY MISC Novell eDirectory iMonitor access
100000200 || COMMUNITY WEB-MISC Symantec Brightmail Antispam default
login attempt
100000201 || COMMUNITY WEB-PHP CuteNews flood.db.php access
100000202 || COMMUNITY WEB-PHP DeluxeBB topic.php access
100000203 || COMMUNITY WEB-PHP DeluxeBB misc.php access
100000204 || COMMUNITY WEB-PHP DeluxeBB pm.php access
100000205 || COMMUNITY WEB-PHP DeluxeBB forums.php access
100000206 || COMMUNITY WEB-PHP DeluxeBB newpost.php access
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
