
[Snort-sigs] Sourcefire VRT Certified Rules Update

Subject: [Snort-sigs] Sourcefire VRT Certified Rules Update
Date: Wed, 10 May 2006 17:24:40 -0400
Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire VRT has learned of vulnerabilities affecting hosts using
the Microsoft operating system.


Details:
Microsoft Security Bulletin MS06-18
A vulnerability exists in the implementation of the Microsoft
Distributed Transaction Coordinator (MSDTC) due to a programming error
which may present an attacker with the opportunity to deny service to
legitimate users. MSDTC fails to properly check the length of data
supplied to the service before passing it along to a fixed length
buffer. This vulnerability does not allow an attacker to run code of
their choosing, but it will cause the MSDTC service to stop responding.

CVE-2006-0034
Excess data passed to the opcodes BuildContextW or BuildContext may
cause a heap based overflow to occur and cause the MSDTC service to
stop responding.

Rules to detect attacks against this vulnerability are included in this
rule pack and are identified as sids 6443 through 6466.

CVE-2006-1184
Excess data in the values for uuidstring or guidin passed in a
BuildContextW request may cause the MSDTC service to attempt to access
memory it cannot use.  The MSDTC service will cease responding.

Rules to detect attacks against this vulnerability are included in this
rule pack and are identified as sids 6419 through 6442.



New rules:
6404 - EXPLOIT Veritas NetBackup Volume Manager possible overflow
connection attempt (exploit.rules)
6405 - EXPLOIT Veritas NetBackup Volume Manager overflow attempt
(exploit.rules)
6406 - POLICY Gizmo VOIP client start-up version check (policy.rules)
6407 - POLICY Gizmo register VOIP state (policy.rules)
6408 - POLICY webshots desktop traffic (policy.rules)
6409 - WEB-FRONTPAGE frontpage server extension long host string
overflow attempt (web-frontpage.rules)
6410 - WEB-FRONTPAGE frontpage server extension long host string
overflow attempt (web-frontpage.rules)
6411 - WEB-FRONTPAGE frontpage server extension long host string
overflow attempt (web-frontpage.rules)
6412 - SMTP Windows Address Book attachment detected (smtp.rules)
6413 - SMTP Base64 encoded Windows Address Book attachment detected
(smtp.rules)
6414 - WEB-MISC Novell GroupWise Messenger Accept-Language Header
Buffer Overflow attempt (web-misc.rules)
6415 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian object
call overflow attempt (netbios.rules)
6416 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW object call
overflow attempt (netbios.rules)
6417 - NETBIOS DCERPC DIRECT msdtc BuildContextW object call overflow
attempt (netbios.rules)
6418 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian
object call overflow attempt (netbios.rules)
6419 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW little endian
invalid uuid size attempt (netbios.rules)
6420 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW little endian
invalid uuid size attempt (netbios.rules)
6421 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian invalid
uuid size attempt (netbios.rules)
6422 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW invalid uuid size
attempt (netbios.rules)
6423 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian
invalid uuid size attempt (netbios.rules)
6424 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW invalid uuid
size attempt (netbios.rules)
6425 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW invalid uuid size
attempt (netbios.rules)
6426 - NETBIOS DCERPC DIRECT msdtc BuildContextW invalid uuid size
attempt (netbios.rules)
6427 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian object
call invalid uuid size attempt (netbios.rules)
6428 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian
object call invalid uuid size attempt (netbios.rules)
6429 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW object call
invalid uuid size attempt (netbios.rules)
6430 - NETBIOS DCERPC DIRECT msdtc BuildContextW object call invalid
uuid size attempt (netbios.rules)
6431 - NETBIOS DCERPC DIRECT msdtc BuildContextW invalid second uuid
size attempt (netbios.rules)
6432 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW invalid second uuid
size attempt (netbios.rules)
6433 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW little endian
invalid second uuid size attempt (netbios.rules)
6434 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian invalid
second uuid size attempt (netbios.rules)
6435 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian
invalid second uuid size attempt (netbios.rules)
6436 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW invalid second
uuid size attempt (netbios.rules)
6437 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW little endian
invalid second uuid size attempt (netbios.rules)
6438 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW invalid second
uuid size attempt (netbios.rules)
6439 - NETBIOS DCERPC DIRECT msdtc BuildContextW object call invalid
second uuid size attempt (netbios.rules)
6440 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian object
call invalid second uuid size attempt (netbios.rules)
6441 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian
object call invalid second uuid size attempt (netbios.rules)
6442 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW object call
invalid second uuid size attempt (netbios.rules)
6443 - NETBIOS DCERPC DIRECT msdtc BuildContextW heap overflow attempt
(netbios.rules)
6444 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian heap
overflow attempt (netbios.rules)
6445 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW little endian
heap overflow attempt (netbios.rules)
6446 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW little endian heap
overflow attempt (netbios.rules)
6447 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW heap overflow
attempt (netbios.rules)
6448 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian heap
overflow attempt (netbios.rules)
6449 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW heap overflow
attempt (netbios.rules)
6450 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW heap overflow
attempt (netbios.rules)
6451 - NETBIOS DCERPC DIRECT msdtc BuildContextW object call heap
overflow attempt (netbios.rules)
6452 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian
object call heap overflow attempt (netbios.rules)
6453 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian object
call heap overflow attempt (netbios.rules)
6454 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW object call heap
overflow attempt (netbios.rules)
6455 - NETBIOS DCERPC DIRECT msdtc BuildContext heap overflow attempt
(netbios.rules)
6456 - NETBIOS DCERPC DIRECT v4 msdtc BuildContext heap overflow
attempt (netbios.rules)
6457 - NETBIOS DCERPC DIRECT msdtc BuildContext little endian heap
overflow attempt (netbios.rules)
6458 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContext little endian
heap overflow attempt (netbios.rules)
6459 - NETBIOS DCERPC DIRECT v4 msdtc BuildContext little endian heap
overflow attempt (netbios.rules)
6460 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContext heap overflow
attempt (netbios.rules)
6461 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContext heap overflow
attempt (netbios.rules)
6462 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContext little endian heap
overflow attempt (netbios.rules)
6463 - NETBIOS DCERPC DIRECT msdtc BuildContext object call heap
overflow attempt (netbios.rules)
6464 - NETBIOS DCERPC DIRECT msdtc BuildContext little endian object
call heap overflow attempt (netbios.rules)
6465 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContext object call heap
overflow attempt (netbios.rules)
6466 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContext little endian
object call heap overflow attempt (netbios.rules)

Updated rules:
2278 - WEB-MISC client negative Content-Length attempt (web-misc.rules)
4245 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW overflow
attempt (netbios.rules)
4246 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian overflow
attempt (netbios.rules)
4247 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW overflow attempt
(netbios.rules)
4248 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW overflow attempt
(netbios.rules)
4249 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW little endian
overflow attempt (netbios.rules)
4250 - NETBIOS DCERPC DIRECT msdtc BuildContextW overflow attempt
(netbios.rules)
4251 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian
overflow attempt (netbios.rules)
4252 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW little endian
overflow attempt (netbios.rules)
6228 - SPYWARE-PUT Adware exact.bargainbuddy runtime detection -
disclaimer text (spyware-put.rules)
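Added example, not part of the Sourcefire advisory: a check that a deployed rules file actually contains, and has enabled, the sid ranges the advisory names for CVE-2006-0034 and CVE-2006-1184. The sid ranges come from the advisory; the function names and the sample rule lines are constructed for illustration, and rules are assumed to be one per line.

```python
import re

# sid ranges quoted in the advisory, keyed by the CVE they cover
ADVISORY_RANGES = {
    "CVE-2006-0034": range(6443, 6467),  # sids 6443 through 6466
    "CVE-2006-1184": range(6419, 6443),  # sids 6419 through 6442
}

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
# A rule line starts with a Snort action; a leading '#' means it is disabled.
RULE_RE = re.compile(
    r"^\s*(#\s*)?(alert|log|pass|drop|reject|sdrop|activate|dynamic)\s"
)


def load_sids(rules_text):
    """Return {sid: enabled} for every rule line (assumes one rule per line)."""
    sids = {}
    for line in rules_text.splitlines():
        rule = RULE_RE.match(line)
        sid = SID_RE.search(line)
        if rule and sid:
            enabled = rule.group(1) is None
            key = int(sid.group(1))
            # If a sid appears twice, one active copy is enough to count.
            sids[key] = sids.get(key, False) or enabled
    return sids


def coverage(rules_text, ranges=ADVISORY_RANGES):
    """Per CVE, list advisory sids that are absent or commented out."""
    sids = load_sids(rules_text)
    return {
        cve: {
            "missing": [s for s in wanted if s not in sids],
            "disabled": [s for s in wanted if sids.get(s) is False],
        }
        for cve, wanted in ranges.items()
    }


# Constructed sample: placeholder rule bodies, not the VRT rule content.
# 6450 is commented out and 6466 is absent, to exercise both findings.
SAMPLE = "\n".join(
    [f'alert tcp any any -> any any (msg:"constructed"; sid:{s}; rev:1;)'
     for s in range(6419, 6466) if s != 6450]
    + ['# alert udp any any -> any any (msg:"constructed"; sid:6450; rev:1;)']
)

if __name__ == "__main__":
    for cve, gaps in coverage(SAMPLE).items():
        print(cve, gaps)
```

Run against the text of a local netbios.rules, an empty "missing" and "disabled" list for both CVEs means the detection described in the advisory is loaded.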

