
[Snort-sigs] Sourcefire VRT Certified Rules Update

Subject: [Snort-sigs] Sourcefire VRT Certified Rules Update
Date: Wed, 12 Apr 2006 19:09:24 -0400

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire VRT has learned of multiple vulnerabilities affecting
hosts using the Microsoft operating system and Veritas NetBackup.

Details:
Microsoft Security Bulletin MS06-013

Internet Explorer does not correctly handle ActiveX controls. Certain
COM objects can be called by Internet Explorer and executed as ActiveX
controls. When this is achieved, it may be possible for an attacker to
overwrite portions of memory and execute code of their choosing.

Rules to detect attacks against this vulnerability are included in this
rule pack and are identified as sids 6002 through 6009.

Veritas NetBackup

A vulnerability exists in the way that the Veritas NetBackup Server
validates input passed to various daemon processes. It may be possible
for an attacker to supply a large amount of data to the vnet daemon and
subsequently overflow a fixed length buffer and run code of their
choosing.

Rules to detect attacks against this vulnerability are included in this
rule pack and are identified as sids 6010 and 6011.

New rules:
5997 - WEB-MISC WinProxy overly long host header buffer overflow
attempt (web-misc.rules)
5998 - P2P Skype client login startup (p2p.rules)
5999 - P2P Skype client login (p2p.rules)
6000 - P2P Skype client login startup (p2p.rules)
6001 - P2P Skype client login (p2p.rules)
6002 - WEB-CLIENT Microsoft DT DDS Rectilinear GDD Layout ActiveX
Object Access (web-client.rules)
6003 - WEB-CLIENT Microsoft DT DDS Rectilinear GDD Route ActiveX Object
Access (web-client.rules)
6004 - WEB-CLIENT Microsoft DT DDS Circular Auto Layout Logic 2 ActiveX
Object Access (web-client.rules)
6005 - WEB-CLIENT Microsoft DT DDS Straight Line Routing Logic 2
ActiveX Object Access (web-client.rules)
6006 - WEB-CLIENT Microsoft DT Icon Control ActiveX Object Access
(web-client.rules)
6007 - WEB-CLIENT Microsoft DT DDS OrgChart GDD Layout ActiveX Object
Access (web-client.rules)
6008 - WEB-CLIENT Microsoft DT DDS OrgChart GDD Route ActiveX Object
Access (web-client.rules)
6009 - WEB-CLIENT RDS.Dataspace ActiveX Object Access
(web-client.rules)
6010 - EXPLOIT VERITAS NetBackup vnetd buffer overflow attempt
(exploit.rules)
6011 - EXPLOIT VERITAS NetBackup vnetd buffer overflow attempt
(exploit.rules)

Updated rules:
159 - DELETED BACKDOOR NetMetro File List (deleted.rules)
2527 - SMTP STARTTLS attempt (smtp.rules)
3668 - MYSQL client authentication bypass attempt (mysql.rules)
5692 - P2P Skype client successful install (p2p.rules)
5693 - P2P Skype client start up get latest version attempt (p2p.rules)
5694 - P2P Skype client setup get newest version attempt (p2p.rules)