
| Subject: | [Snort-sigs] Sourcefire VRT Certified Rules Update |
|---|---|
| Date: | Tue, 13 Jun 2006 13:48:17 -0400 |
Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire VRT has learned of multiple vulnerabilities affecting Microsoft Internet Explorer, Apple Quicktime, Novell eDirectory, Sophos Anti-Virus and Symantec Anti-Virus products.

Details:
Microsoft Internet Explorer contains a programming error in the way that it processes MIME HTML links (mhtml) which are commonly embedded in HTML email. The error in processing the links may allow a remote attacker to overflow a fixed length buffer and execute code of their choosing on the target system.

Rules to detect attacks against this vulnerability are included in this rule pack and are identified as sids 6509 and 6510.

Apple Quicktime fails to properly check user supplied data which may allow a remote attacker to overflow a fixed length buffer and execute code of their choosing on the target host.

Rules to detect attacks against this vulnerability are included in this rule pack and are identified as sids 6505 and 6506.

Novell eDirectory Server contains a vulnerability that may allow an attacker to overflow a fixed length buffer and execute code of their choosing on an affected server. The vulnerability exists in the iMonitor NDS server and may be exploited via a specially crafted uri to the service.

A rule to detect attacks against this vulnerability is included in this rule pack and is identified as sid 6507.

Sophos Anti-Virus fails to properly process Microsoft CAB files. A remote attacker may be able to leverage this vulnerability to execute code of their choosing on the target host or cause a denial of service (DoS) against the Sophos Anti-Virus process.

A rule to detect attacks against this vulnerability is included in this rule pack and is identified as sid 6504.

Symantec Anti-Virus Real-Time Scan Service suffers from a programming error that may allow a remote attacker to execute code of their choosing on an affected host.

A rule to detect attacks against this vulnerability is included in this rule pack and is identified as sid 6512.

New rules:
6472 - BACKDOOR bugs runtime detection - file manager client-to-server (backdoor.rules)
6473 - BACKDOOR bugs runtime detection - file manager server-to-client (backdoor.rules)
6474 - BACKDOOR w32.loosky.gen@mm runtime detection - notification (backdoor.rules)
6475 - BACKDOOR badrat 1.1 runtime detection - flowbit set (backdoor.rules)
6476 - BACKDOOR badrat 1.1 runtime detection (backdoor.rules)
6477 - SPYWARE-PUT Hacker-Tool beee runtime detection - smtp (spyware-put.rules)
6478 - SPYWARE-PUT Trackware searchingall toolbar runtime detection - send user url request (spyware-put.rules)
6479 - SPYWARE-PUT Snoopware totalvelocity zsearch runtime detection (spyware-put.rules)
6480 - SPYWARE-PUT Hijacker cws.cameup runtime detection - home page (spyware-put.rules)
6481 - SPYWARE-PUT Hijacker cws.cameup runtime detection - search (spyware-put.rules)
6482 - SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - get info (spyware-put.rules)
6483 - SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - home page hijacker (spyware-put.rules)
6484 - SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - search (spyware-put.rules)
6485 - SPYWARE-PUT Adware spyfalcon runtime detection - action report (spyware-put.rules)
6486 - SPYWARE-PUT Adware spyfalcon runtime detection - notification (spyware-put.rules)
6487 - SPYWARE-PUT Adware searchnugget toolbar runtime detection - check updates (spyware-put.rules)
6488 - SPYWARE-PUT Adware searchnugget toolbar runtime detection - redirect mistyped urls (spyware-put.rules)
6489 - SPYWARE-PUT Hijacker analyze IE runtime detection - default page hijacker (spyware-put.rules)
6490 - SPYWARE-PUT Dialer yeaknet runtime detection - home page hijacker (spyware-put.rules)
6491 - SPYWARE-PUT Dialer yeaknet runtime detection - post-installation (spyware-put.rules)
6492 - SPYWARE-PUT Trickler Backdoor-BAC.gen.e runtime detection - notification (spyware-put.rules)
6493 - SPYWARE-PUT Trickler Backdoor-BAC.gen.e runtime detection - post data (spyware-put.rules)
6494 - SPYWARE-PUT Adware yourenhancement runtime detection (spyware-put.rules)
6495 - SPYWARE-PUT Hijacker troj_spywad.x runtime detection (spyware-put.rules)
6496 - SPYWARE-PUT Adware adpowerzone runtime detection (spyware-put.rules)
6497 - BACKDOOR exploiter 1.0 runtime detection (backdoor.rules)
6498 - BACKDOOR exploiter 1.0 runtime detection (backdoor.rules)
6499 - BACKDOOR omerta 1.3 runtime detection (backdoor.rules)
6500 - BACKDOOR omerta 1.3 runtime detection (backdoor.rules)
6501 - BACKDOOR omerta 1.3 runtime detection (backdoor.rules)
6502 - WEB-CLIENT Mozilla GIF single packet heap overflow - ANIMEXTS1.0 (web-client.rules)
6503 - WEB-CLIENT Mozilla GIF multipacket heap overflow - ANIMEXTS1.0 (web-client.rules)
6504 - WEB-CLIENT Sophos Anti-Virus CAB file overflow attempt (web-client.rules)
6505 - WEB-CLIENT quicktime fpx file SectNumMiniFAT overflow attempt (web-client.rules)
6506 - WEB-CLIENT quicktime udta atom overflow attempt (web-client.rules)
6507 - WEB-MISC novell edirectory imonitor overflow attempt (web-misc.rules)
6508 - EXPLOIT EMC retrospect client crafted packet overflow attempt (exploit.rules)
6509 - WEB-CLIENT Internet Explorer mhtml uri href buffer overflow attempt (web-client.rules)
6510 - WEB-CLIENT Internet Explorer mhtml uri shortcut buffer overflow attempt (web-client.rules)
6511 - WEB-MISC ALT-N WebAdmin user param overflow attempt (web-misc.rules)
6512 - EXPLOIT symantec antivirus realtime virusscan overflow attempt (exploit.rules)

Updated rules:
~ 972 - DELETED WEB-IIS %2E-asp access (deleted.rules)
1508 - WEB-CGI alibaba.pl access (web-cgi.rules)
3534 - WEB-CLIENT Mozilla GIF single packet heap overflow - NETSCAPE2.0 (web-client.rules)
3535 - WEB-CLIENT GIF transfer (web-client.rules)
3536 - WEB-CLIENT Mozilla GIF multipacket heap overflow - NETSCAPE2.0 (web-client.rules)
5851 - SPYWARE-PUT Adware warez_p2p runtime detection - .txt .dat and .lst requests (spyware-put.rules)
6025 - BACKDOOR tequila bandita 1.2 runtime detection - reverse connection (backdoor.rules)
6317 - BACKDOOR net demon runtime detection - file manager response (backdoor.rules)
6399 - BACKDOOR rad 1.2.3 runtime detection (backdoor.rules)