Re: [Snort-sigs] Some "Fixes" for Community Rules.....

Thanks for pointing these out. They'll be fixed shortly.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

> Here are some fixes for the community rules. They concern all the references
> in the rules.....
>
> alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"COMMUNITY IMAP GNU
> Mailutils imap4d hex attempt"; flow:established,to_server; content:"SEARCH
> TOPIC %"; reference:cve,2005-2878; reference:bugtraq,14794;
> reference:nessus,19605;
> reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19306;
> classtype:misc-attack; sid:100000207; rev:1;)
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY
> WEB-MISC FtpLocate flsearch.pl possible command execution attempt";
> flow:to_server,established; uricontent:"/flsearch.pl"; nocase;
> uricontent:"cmd|3D|exec_flsearch"; nocase; reference:bugtraq,14367;
> reference:cve,2005-2420; reference:nessus,19300;
> reference:url,www.osvdb.org/displayvuln.php?osvdb_id=18305;
> classtype:web-application-attack; sid:100000209; rev:1;)
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY
> WEB-PHP Gallery g2_itemId access"; flow:to_server,established;
> uricontent:"/main.php"; nocase; uricontent:"g2_itemId|3D|"; nocase;
> reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015;
> reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034;
> classtype:web-application-attack; sid:100000211; rev:1;)
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY
> WEB-PHP Gallery g2_return access"; flow:to_server,established;
> uricontent:"/main.php"; nocase; uricontent:"g2_return|3D|"; nocase;
> reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015;
> reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034;
> classtype:web-application-attack; sid:100000212; rev:1;)
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY
> WEB-PHP Gallery g2_view access"; flow:to_server,established;
> uricontent:"/main.php"; nocase; uricontent:"g2_view|3D|"; nocase;
> reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015;
> reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034;
> classtype:web-application-attack; sid:100000213; rev:1;)
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY
> WEB-PHP Gallery g2_subView access"; flow:to_server,established;
> uricontent:"/main.php"; nocase; uricontent:"g2_subView|3D|"; nocase;
> reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015;
> reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034;
> classtype:web-application-attack; sid:100000214; rev:1;)
>
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8008 (msg:"COMMUNITY MISC
> Novell eDirectory iMonitor access"; flow:to_server,established;
> uricontent:"/nds/"; nocase; reference:bugtraq,14548;
> reference:cve,2005-2551; reference:nessus,19248;
> reference:url,www.osvdb.org/displayvuln.php?osvdb_id=18703;
> classtype:web-application-attack; sid:100000199; rev:1;)
>
> In the first 6 there was an "," in the osvdb-reference and in the last one
> there was a mistype in the nessus-reference.....
>
> Regards
>
> Stefan 
>
>  



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs