[Snort-sigs] Some "Fixes" for Community Rules.....

Here are some fixes for the community rules. They concern all the references
in the rules.....

alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"COMMUNITY IMAP GNU
Mailutils imap4d hex attempt"; flow:established,to_server; content:"SEARCH
TOPIC %"; reference:cve,2005-2878; reference:bugtraq,14794;
reference:nessus,19605;
reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19306;
classtype:misc-attack; sid:100000207; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY
WEB-MISC FtpLocate flsearch.pl possible command execution attempt";
flow:to_server,established; uricontent:"/flsearch.pl"; nocase;
uricontent:"cmd|3D|exec_flsearch"; nocase; reference:bugtraq,14367;
reference:cve,2005-2420; reference:nessus,19300;
reference:url,www.osvdb.org/displayvuln.php?osvdb_id=18305;
classtype:web-application-attack; sid:100000209; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY
WEB-PHP Gallery g2_itemId access"; flow:to_server,established;
uricontent:"/main.php"; nocase; uricontent:"g2_itemId|3D|"; nocase;
reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015;
reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034;
classtype:web-application-attack; sid:100000211; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY
WEB-PHP Gallery g2_return access"; flow:to_server,established;
uricontent:"/main.php"; nocase; uricontent:"g2_return|3D|"; nocase;
reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015;
reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034;
classtype:web-application-attack; sid:100000212; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY
WEB-PHP Gallery g2_view access"; flow:to_server,established;
uricontent:"/main.php"; nocase; uricontent:"g2_view|3D|"; nocase;
reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015;
reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034;
classtype:web-application-attack; sid:100000213; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY
WEB-PHP Gallery g2_subView access"; flow:to_server,established;
uricontent:"/main.php"; nocase; uricontent:"g2_subView|3D|"; nocase;
reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015;
reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034;
classtype:web-application-attack; sid:100000214; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8008 (msg:"COMMUNITY MISC
Novell eDirectory iMonitor access"; flow:to_server,established;
uricontent:"/nds/"; nocase; reference:bugtraq,14548;
reference:cve,2005-2551; reference:nessus,19248;
reference:url,www.osvdb.org/displayvuln.php?osvdb_id=18703;
classtype:web-application-attack; sid:100000199; rev:1;)

In the first 6 there was an "," in the osvdb-reference and in the last one
there was a mistype in the nessus-reference.....

Regards

Stefan 

-- 
10 GB Mailbox, 100 FreeSMS/Monat http://www.gmx.net/de/go/topmail
+++ GMX - die erste Adresse für Mail, Message, More +++

-- 
10 GB Mailbox, 100 FreeSMS/Monat http://www.gmx.net/de/go/topmail
+++ GMX - die erste Adresse für Mail, Message, More +++


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs