Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] Sourcefire VRT Certified Rules Update

from [Sourcefire VRT] Network Security [Permanent Link]
Subject: [Snort-sigs] Sourcefire VRT Certified Rules Update
Date: Wed, 15 Feb 2006 12:42:31 -0500 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire VRT has learned of multiple vulnerabilities affecting
hosts using the Microsoft operating system. The VRT has also added
rules to detect Skype usage as well as attacks aimed at Qualcomm
Worldmail and other applications.


Details:
Microsoft Security Bulletin MS06-005

Microsoft Media Player plugin is subject to a buffer overflow condition
when handling embedded media in web pages. The plugin is used in
Mozilla browsers on hosts using the Microsoft Windows operating system.

A value of more than 2081 bytes in the src tag of an embedded component
handled by Windows media player may present an attacker with the
opportunity to overflow a fixed length buffer and execute code of their
choosing on a vulnerable host.

A rule to detect attacks targeting this vulnerability is included in
this update and is identified as sid 5710.

Microsoft Security Bulletin MS06-006

Windows Media Player suffers from a programming error that may enable
an attacker to run code of their choosing on a vulnerable system. The
error occurs when processing malformed bitmap files with the
application. A bitmap file with length zero is not correctly checked
for actual length, and it may be possible for an attacker to create a
malicious image with size 0 but with actual data in the image that can
be copied into memory for execution.

A rule to detect attacks targeting this vulnerability is included in
this update and is identified as sid 5711.



New rules:
5692 - P2P Skype client successful install (p2p.rules)
5693 - P2P Skype client start up get latest version attempt (p2p.rules)
5694 - P2P Skype client setup get newest version attempt (p2p.rules)
5695 - WEB-IIS web agent redirect overflow attempt (web-iis.rules)
5696 - IMAP delete directory traversal attempt (imap.rules)
5697 - IMAP examine directory traversal attempt (imap.rules)
5698 - IMAP list directory traversal attempt (imap.rules)
5699 - IMAP lsub directory traversal attempt (imap.rules)
5700 - IMAP rename directory traversal attempt (imap.rules)
5701 - IMAP status directory traversal attempt (imap.rules)
5702 - IMAP subscribe directory traversal attempt (imap.rules)
5703 - IMAP unsubscribe directory traversal attempt (imap.rules)
5704 - IMAP SELECT overflow attempt (imap.rules)
5705 - IMAP CAPABILITY overflow attempt (imap.rules)
5706 - POLICY Namazu incoming namazu.cgi access (policy.rules)
5707 - POLICY Namazu outbound namazu.cgi access (policy.rules)
5709 - WEB-PHP file upload directory traversal (web-php.rules)
5710 - WEB-CLIENT Windows Media Player Plugin For Non-IE Browsers
Buffer Overflow (web-client.rules)
5711 - WEB-CLIENT Windows Media Player zero length bitmap heap overflow
attempt (web-client.rules)

Updated rules:
1021 - WEB-IIS ism.dll attempt (web-iis.rules)
1079 - WEB-MISC WebDAV propfind access (web-misc.rules)
1425 - WEB-PHP content-disposition file upload attempt (web-php.rules)
1861 - WEB-MISC Linksys router default username and password login
attempt (web-misc.rules)
2259 - SMTP EXPN overflow attempt (smtp.rules)
2260 - SMTP VRFY overflow attempt (smtp.rules)
2486 - DOS ISAKMP invalid identification payload attempt (dos.rules)
2522 - WEB-MISC SSLv3 invalid Client_Hello attempt (web-misc.rules)
3549 - WEB-CLIENT HTML DOM invalid element creation attempt
(web-client.rules)
3653 - SMTP SAML overflow attempt (smtp.rules)
3654 - SMTP SOML overflow attempt (smtp.rules)
3655 - SMTP SEND overflow attempt (smtp.rules)
3656 - SMTP MAIL overflow attempt (smtp.rules)
3824 - SMTP AUTH user overflow attempt (smtp.rules)
4060 - POLICY RDP attempted Administrator connection request
(policy.rules)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFD82gHMpm0ve0NhMcRAuGlAKCaIaNBdxBKYnnAa+5bSg4pKVvH0QCgpODc
GpCYeId2DVzz/oYPigxdpcg=
=vxMw
-----END PGP SIGNATURE-----


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-sigs] Grabbing more content, Matt Kettler
Next by Date:  [Snort-sigs] Bleeding-Edge Scan NMAP -sA (2) Rule, James Driskell - jdriskell
Previous by Thread:  [Snort-sigs] Correction sid 100000172, Blake Hartstein
Next by Thread:  [Snort-sigs] Sourcefire VRT Certified Rules Update, Sourcefire VRT
Indexes:  [Date] [Thread] [Top] [All Lists]