
| Subject: | [Snort-sigs] Sourcefire VRT Certified Rules Update |
|---|---|
| Date: | Wed, 08 Mar 2006 18:27:30 -0500 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Rules Update
Synopsis: The Sourcefire VRT has also added rules and improved detection capabilities as a result of ongoing research into vulnerabilities and in response to feedback regarding rule performance in certain situations.
Details:
Microsoft Security Bulletin MS05-027
A buffer overflow exists in the SMB (Server Message Block) Protocol implementation in Microsoft Windows 2000, Windows XP and Windows 2003 that allows attackers to cause a denial of service via a malformed request.
Rules to detect attacks against this vulnerability are included in this rule pack and are identified as sids 5727 through 5783.
Apple Macintosh OS X suffers from a poorly designed use of resource forking for applications. It may be possible for an attacker to execute code of their choosing or execute system commands by exploiting the way in which OS X handles the opening of files determined to be safe.
A rule to detect exploits against this vulnerability is included in this rule pack and is identified as sid 5713.
New rules:
5714 - SMTP x-unix-mode executable mail attachment (smtp.rules)
5715 - WEB-MISC malformed ipv6 uri overflow attempt (web-misc.rules)
5716 - NETBIOS SMB-DS Trans Max Param/Count DOS attempt (netbios.rules)
5717 - NETBIOS SMB-DS Trans unicode Max Param/Count DOS attempt (netbios.rules)
5718 - NETBIOS-DG SMB Trans Max Param/Count DOS attempt (netbios.rules)
5719 - NETBIOS-DG SMB Trans unicode Max Param/Count DOS attempt (netbios.rules)
5720 - NETBIOS SMB Trans Max Param/Count DOS attempt (netbios.rules)
5721 - NETBIOS SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
5722 - NETBIOS SMB-DS Trans andx Max Param/Count DOS attempt (netbios.rules)
5723 - NETBIOS SMB-DS Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
5724 - NETBIOS-DG SMB Trans andx Max Param/Count DOS attempt (netbios.rules)
5725 - NETBIOS-DG SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
5726 - NETBIOS SMB Trans andx Max Param/Count DOS attempt (netbios.rules)
5727 - NETBIOS SMB Trans unicode Max Param DOS attempt (netbios.rules)
5728 - NETBIOS SMB-DS Trans Max Param DOS attempt (netbios.rules)
5729 - NETBIOS-DG SMB Trans Max Param DOS attempt (netbios.rules)
5730 - NETBIOS SMB Trans Max Param DOS attempt (netbios.rules)
5731 - NETBIOS-DG SMB Trans unicode Max Param DOS attempt (netbios.rules)
5732 - NETBIOS SMB-DS Trans unicode Max Param DOS attempt (netbios.rules)
5733 - NETBIOS SMB Trans unicode andx Max Param DOS attempt (netbios.rules)
5734 - NETBIOS SMB-DS Trans andx Max Param DOS attempt (netbios.rules)
5735 - NETBIOS-DG SMB Trans andx Max Param DOS attempt (netbios.rules)
5736 - NETBIOS SMB Trans andx Max Param DOS attempt (netbios.rules)
5737 - NETBIOS-DG SMB Trans unicode andx Max Param DOS attempt (netbios.rules)
5738 - NETBIOS SMB-DS Trans unicode andx Max Param DOS attempt (netbios.rules)
Updated rules:
337 - FTP CEL overflow attempt (ftp.rules)
1379 - FTP STAT overflow attempt (ftp.rules)
1529 - FTP SITE overflow attempt (ftp.rules)
1621 - FTP CMD overflow attempt (ftp.rules)
1624 - FTP PWD overflow attempt (ftp.rules)
1625 - FTP SYST overflow attempt (ftp.rules)
1734 - FTP USER overflow attempt (ftp.rules)
1792 - NNTP return code buffer overflow attempt (nntp.rules)
1919 - FTP CWD overflow attempt (ftp.rules)
1942 - FTP RMDIR overflow attempt (ftp.rules)
1972 - FTP PASS overflow attempt (ftp.rules)
1973 - FTP MKD overflow attempt (ftp.rules)
1974 - FTP REST overflow attempt (ftp.rules)
1975 - FTP DELE overflow attempt (ftp.rules)
1976 - FTP RMD overflow attempt (ftp.rules)
2101 - NETBIOS SMB Trans unicode Max Param/Count DOS attempt (netbios.rules)
2338 - FTP LIST buffer overflow attempt (ftp.rules)
2343 - FTP STOR overflow attempt (ftp.rules)
2344 - FTP XCWD overflow attempt (ftp.rules)
2373 - FTP XMKD overflow attempt (ftp.rules)
2374 - FTP NLST overflow attempt (ftp.rules)
2389 - FTP RNTO overflow attempt (ftp.rules)
2391 - FTP APPE overflow attempt (ftp.rules)
2392 - FTP RETR overflow attempt (ftp.rules)
2449 - FTP ALLO overflow attempt (ftp.rules)
2546 - FTP MDTM overflow attempt (ftp.rules)
3680 - P2P AOL Instant Messenger file send attempt (p2p.rules)
3681 - P2P AOL Instant Messenger file receive attempt (p2p.rules)
4990 - MS-SQL Heap-Based Overflow Attempt (sql.rules)
5316 - EXPLOIT CA CAM log_security overflow attempt (exploit.rules)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFED2hCMpm0ve0NhMcRAm7jAJ9Aey7Vux9CtylBKQBOwIvAB//DMACgorSg altloa2PwE7Co20ipRKR6Dw= =uEGZ -----END PGP SIGNATURE-----