[Snort-sigs] SNORT SIGS 1024, 1044

Maxim Gansert braker at ...307...
Thu Jan 24 13:00:04 EST 2002


regards
-------------- next part --------------
# This is a template for submitting snort signature descriptions to
# the snort.org website
#
# Ensure that your descriptions are your own
# and not the work of others.  References in the rules themselves
# should be used for linking to other's work. 
#
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
# 
# $Id$
#
# 

Rule:  

--
Sid: 1044

--
Summary: Remote user can access passwords, usernames and other important information.

--
Impact: WinNT or Windows running IIS 3.0.

--
Detailed Information: Webhits.exe is a part of the IIS-Searchengine of the Index-Server. A remote user can gain access to passwords, usernames and security relevant data through its weakness.

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives:

--
False Negatives:

--
Corrective Action: Delete WEBHITS.EXE or move it to another directory, where it can't be accessed through URL's. Make sure you Patch your MS-OS.

--
Contributors:

-- 
Additional References:
-------------- next part --------------
# This is a template for submitting snort signature descriptions to
# the snort.org website
#
# Ensure that your descriptions are your own
# and not the work of others.  References in the rules themselves
# should be used for linking to other's work. 
#
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
# 
# $Id$
#
# 

Rule:

--
Sid: 1024

--
Summary: A remote user can create or overwrite any file.

--
Impact: WinNT and Windows  running IIS 3.0.

--
Detailed Information: Through an error in the file NEWDSN.EXE it's possible to create and overwrite any file.

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives:

--
False Negatives:

--
Corrective Action: Move NEWDSN.EXE to another directory where it can't be accessed or simply delete it if you don't need it. Make sure you Patch your MS-OS.

--
Contributors:

-- 
Additional References:


More information about the Snort-sigs mailing list