Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] Sourcefire VRT Certified Rules Update

from [Sourcefire VRT] Network Security [Permanent Link]
Subject: [Snort-sigs] Sourcefire VRT Certified Rules Update
Date: Wed, 24 May 2006 15:19:45 -0400 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire VRT has learned of vulnerabilities affecting hosts using
RealVNC.

Details:
RealVNC is a multi platform remote administration tool that allows
networked hosts to connect to other hosts or mobile devices. It has a
client-server architecture that requires the remote user to
authenticate on connection to a RealVNC server.

A programming error in the authentication mechanism for RealVNC may
allow an attacker to gain access to the host without supplying the
correct credentials.

Rules to detect attacks against this vulnerability are included in this
rule pack and are identified as sids 6469 through 6471.

In response to continued feedback regarding the spyware-put rules, the
Sourcefire VRT is continuing to improve coverage provided by these
rules and the accuracy of detection. This rulepack contains
modifications to this set of rules.

New rules:
6467 - CHAT jabber traffic detected (chat.rules)
6468 - CHAT jabber file transfer request (chat.rules)
6469 - EXPLOIT RealVNC connection attempt (exploit.rules)
6470 - EXPLOIT RealVNC authentication types sent attempt
(exploit.rules)
6471 - EXPLOIT RealVNC password authentication bypass vulnerability
attempt (exploit.rules)

Updated rules:
~ 108 - BACKDOOR QAZ Worm Client Login access (backdoor.rules)
6021 - BACKDOOR silent spy 2.10 command response port 4225
(backdoor.rules)
6022 - BACKDOOR silent spy 2.10 command response port 4226
(backdoor.rules)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD4DBQFEdLHRMpm0ve0NhMcRAjOBAJ9FzNMa8S97iDLtAPlcIS8op8mv1QCSAy1B
GpkEJWOmi29K0VttTjkQkQ==
=/L8g
-----END PGP SIGNATURE-----


-------------------------------------------------------
All the advantages of Linux Managed Hosting--Without the Cost and Risk!
Fully trained technicians. The highest number of Red Hat certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-sigs] Snort Community Rules Update, Sourcefire VRT
Next by Date:  [Snort-sigs] Lot of FP with 2002926, Chich Thierry
Previous by Thread:  [Snort-sigs] Sourcefire VRT Certified Rules Update, Sourcefire VRT
Next by Thread:  [Snort-sigs] Rule Submit: AWstats Migrate Remote File Include, Blake Hartstein
Indexes:  [Date] [Thread] [Top] [All Lists]