
[Snort-sigs] Sourcefire VRT Certified Rules Update

Subject: [Snort-sigs] Sourcefire VRT Certified Rules Update
Date: Wed, 14 Dec 2005 19:30:45 -0500

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire Vulnerability Research Team (VRT) has learned of
multiple vulnerabilities affecting hosts using the Microsoft operating
system.

Details:
Microsoft Security Bulletin MS05-054
A vulnerability exists in the way that Internet Explorer handles COM
objects that should not be used by Internet Explorer. When Internet
Explorer tries to use these COM objects as ActiveX controls, an
attacker may be presented with the opportunity to execute code of their
choosing on the target system.

Rules to detect attacks targeting this vulnerability are included in
this update and are identified as sids 4890 through 4915.

A vulnerability exists in the way Internet Explorer handles the
window() function supplied to the JavaScript "onload" handler as a
parameter.

The Sourcefire VRT has confirmed that a rule identified as sid 4647,
released on November 9, 2005, will generate events when an attempt is
made to exploit this vulnerability.

New rules:
4826 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance unicode little
endian attempt (netbios.rules)
4827 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance unicode little
endian attempt (netbios.rules)
4828 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode
little endian attempt (netbios.rules)
4829 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode
attempt (netbios.rules)
4830 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode
attempt (netbios.rules)
4831 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance little endian
attempt (netbios.rules)
4832 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode attempt (netbios.rules)
4833 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX
attempt (netbios.rules)
4834 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance attempt
(netbios.rules)
4835 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance little endian
attempt (netbios.rules)
4836 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX attempt
(netbios.rules)
4837 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance unicode
attempt (netbios.rules)
4838 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode little endian attempt (netbios.rules)
4839 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance unicode attempt
(netbios.rules)
4840 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX
little endian attempt (netbios.rules)
4841 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode little
endian attempt (netbios.rules)
4842 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode little endian attempt (netbios.rules)
4843 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX little
endian attempt (netbios.rules)
4844 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode
attempt (netbios.rules)
4845 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode
little endian attempt (netbios.rules)
4846 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
attempt (netbios.rules)
4847 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance attempt
(netbios.rules)
4848 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
attempt (netbios.rules)
4849 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance attempt
(netbios.rules)
4850 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode attempt (netbios.rules)
4851 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
little endian attempt (netbios.rules)
4852 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
little endian attempt (netbios.rules)
4853 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance little endian
attempt (netbios.rules)
4854 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance little
endian attempt (netbios.rules)
4855 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode little endian attempt (netbios.rules)
4856 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance attempt
(netbios.rules)
4857 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode attempt (netbios.rules)
4858 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance unicode little
endian andx attempt (netbios.rules)
4859 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance unicode little
endian andx attempt (netbios.rules)
4860 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode
little endian andx attempt (netbios.rules)
4861 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode andx
attempt (netbios.rules)
4862 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode
andx attempt (netbios.rules)
4863 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance little endian
andx attempt (netbios.rules)
4864 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode andx attempt (netbios.rules)
4865 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX andx
attempt (netbios.rules)
4866 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance andx attempt
(netbios.rules)
4867 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance little endian
andx attempt (netbios.rules)
4868 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX andx
attempt (netbios.rules)
4869 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance unicode andx
attempt (netbios.rules)
4870 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode little endian andx attempt (netbios.rules)
4871 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance unicode andx
attempt (netbios.rules)
4872 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX
little endian andx attempt (netbios.rules)
4873 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode little
endian andx attempt (netbios.rules)
4874 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode little endian andx attempt (netbios.rules)
4875 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX little
endian andx attempt (netbios.rules)
4876 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode
andx attempt (netbios.rules)
4877 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode
little endian andx attempt (netbios.rules)
4878 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX andx
attempt (netbios.rules)
4879 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance andx attempt
(netbios.rules)
4880 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
andx attempt (netbios.rules)
4881 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance andx
attempt (netbios.rules)
4882 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode andx attempt (netbios.rules)
4883 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
little endian andx attempt (netbios.rules)
4884 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
little endian andx attempt (netbios.rules)
4885 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance little endian
andx attempt (netbios.rules)
4886 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance little
endian andx attempt (netbios.rules)
4887 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode little endian andx attempt (netbios.rules)
4888 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance andx attempt
(netbios.rules)
4889 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode andx attempt (netbios.rules)
4890 - WEB-CLIENT IAVIStream & IAVIFile Proxy ActiveX Object Access
(web-client.rules)
4891 - WEB-CLIENT cfw Class ActiveX Object Access (web-client.rules)
4892 - WEB-CLIENT MTSEvents Class ActiveX Object Access
(web-client.rules)
4893 - WEB-CLIENT Trident HTMLEditor ActiveX Object Access
(web-client.rules)
4894 - WEB-CLIENT PSEnumVariant ActiveX Object Access
(web-client.rules)
4895 - WEB-CLIENT PSTypeInfo ActiveX Object Access (web-client.rules)
4896 - WEB-CLIENT PSTypeLib ActiveX Object Access (web-client.rules)
4897 - WEB-CLIENT PSOAInterface ActiveX Object Access
(web-client.rules)
4898 - WEB-CLIENT PSTypeComp ActiveX Object Access (web-client.rules)
4899 - WEB-CLIENT ISupportErrorInfo Interface ActiveX Object Access
(web-client.rules)
4900 - WEB-CLIENT Outlook Progress Ctl ActiveX Object Access
(web-client.rules)
4901 - WEB-CLIENT VMR Allocator Presenter 9 ActiveX Object Access
(web-client.rules)
4902 - WEB-CLIENT Video Mixing Renderer 9 ActiveX Object Access
(web-client.rules)
4903 - WEB-CLIENT VMR ImageSync 9 ActiveX Object Access
(web-client.rules)
4904 - WEB-CLIENT Microsoft Repository Alias ActiveX Object Access
(web-client.rules)
4905 - WEB-CLIENT Microsoft Repository Object ActiveX Object Access
(web-client.rules)
4906 - WEB-CLIENT Microsoft Repository Interface Definition ActiveX
Object Access (web-client.rules)
4907 - WEB-CLIENT Microsoft Repository Collection Definition ActiveX
Object Access (web-client.rules)
4908 - WEB-CLIENT Microsoft Repository Method Definition ActiveX Object
Access (web-client.rules)
4909 - WEB-CLIENT Microsoft Repository Property Definition ActiveX
Object Access (web-client.rules)
4910 - WEB-CLIENT Microsoft Repository Relationship Definition ActiveX
Object Access (web-client.rules)
4911 - WEB-CLIENT Microsoft Repository Type Library ActiveX Object
Access (web-client.rules)
4912 - WEB-CLIENT Microsoft Repository Root ActiveX Object Access
(web-client.rules)
4913 - WEB-CLIENT Microsoft Repository Workspace ActiveX Object Access
(web-client.rules)
4914 - WEB-CLIENT Microsoft Repository Script Definition ActiveX Object
Access (web-client.rules)
4915 - WEB-CLIENT Shortcut Handler ActiveX Object Access
(web-client.rules)
4916 - WEB-CLIENT internet explorer javascript onload document.write
obfuscation overflow attempt (web-client.rules)
4917 - WEB-CLIENT internet explorer javascript onload prompt
obfuscation overflow attempt (web-client.rules)
4918 - NETBIOS SMB umpnpmgr PNP_GetDeviceList dos attempt
(netbios.rules)
4919 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList dos attempt
(netbios.rules)
4920 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX little
endian dos attempt (netbios.rules)
4921 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX dos attempt
(netbios.rules)
4922 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList unicode dos attempt
(netbios.rules)
4923 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode little
endian dos attempt (netbios.rules)
4924 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList little endian dos
attempt (netbios.rules)
4925 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX little endian
dos attempt (netbios.rules)
4926 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode dos
attempt (netbios.rules)
4927 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode
little endian dos attempt (netbios.rules)
4928 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList unicode dos attempt
(netbios.rules)
4929 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode
dos attempt (netbios.rules)
4930 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList little endian dos
attempt (netbios.rules)
4931 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX dos attempt
(netbios.rules)
4932 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode little
endian dos attempt (netbios.rules)
4933 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX little
endian dos attempt (netbios.rules)
4934 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode dos
attempt (netbios.rules)
4935 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode
little endian dos attempt (netbios.rules)
4936 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode dos attempt
(netbios.rules)
4937 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList unicode little endian
dos attempt (netbios.rules)
4938 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX little
endian dos attempt (netbios.rules)
4939 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode
little endian dos attempt (netbios.rules)
4940 - NETBIOS SMB umpnpmgr PNP_GetDeviceList unicode dos attempt
(netbios.rules)
4941 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList dos attempt
(netbios.rules)
4942 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList dos attempt
(netbios.rules)
4943 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX dos attempt
(netbios.rules)
4944 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList little endian dos
attempt (netbios.rules)
4945 - NETBIOS SMB umpnpmgr PNP_GetDeviceList little endian dos attempt
(netbios.rules)
4946 - NETBIOS SMB umpnpmgr PNP_GetDeviceList unicode little endian dos
attempt (netbios.rules)
4947 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode dos
attempt (netbios.rules)
4948 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList unicode little endian
dos attempt (netbios.rules)
4949 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX dos
attempt (netbios.rules)
4950 - NETBIOS SMB umpnpmgr PNP_GetDeviceList andx dos attempt
(netbios.rules)
4951 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList andx dos attempt
(netbios.rules)
4952 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX little
endian andx dos attempt (netbios.rules)
4953 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX andx dos
attempt (netbios.rules)
4954 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList unicode andx dos
attempt (netbios.rules)
4955 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode little
endian andx dos attempt (netbios.rules)
4956 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList little endian andx dos
attempt (netbios.rules)
4957 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX little endian
andx dos attempt (netbios.rules)
4958 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode andx
dos attempt (netbios.rules)
4959 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode
little endian andx dos attempt (netbios.rules)
4960 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList unicode andx dos
attempt (netbios.rules)
4961 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode
andx dos attempt (netbios.rules)
4962 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList little endian andx
dos attempt (netbios.rules)
4963 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX andx dos
attempt (netbios.rules)
4964 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode little
endian andx dos attempt (netbios.rules)
4965 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX little
endian andx dos attempt (netbios.rules)
4966 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode andx
dos attempt (netbios.rules)
4967 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode
little endian andx dos attempt (netbios.rules)
4968 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode andx dos
attempt (netbios.rules)
4969 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList unicode little endian
andx dos attempt (netbios.rules)
4970 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX little
endian andx dos attempt (netbios.rules)
4971 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode
little endian andx dos attempt (netbios.rules)
4972 - NETBIOS SMB umpnpmgr PNP_GetDeviceList unicode andx dos attempt
(netbios.rules)
4973 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList andx dos attempt
(netbios.rules)
4974 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList andx dos attempt
(netbios.rules)
4975 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX andx dos
attempt (netbios.rules)
4976 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList little endian andx dos
attempt (netbios.rules)
4977 - NETBIOS SMB umpnpmgr PNP_GetDeviceList little endian andx dos
attempt (netbios.rules)
4978 - NETBIOS SMB umpnpmgr PNP_GetDeviceList unicode little endian
andx dos attempt (netbios.rules)
4979 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode andx
dos attempt (netbios.rules)
4980 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList unicode little endian
andx dos attempt (netbios.rules)
4981 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX andx dos
attempt (netbios.rules)


