[Snort-sigs] snort-rules update @ Tue Aug 10 10:39:14 2004

bmc at ...95... bmc at ...95...
Tue Aug 10 07:40:04 EDT 2004


New rules:
2598 - WEB-MISC Samba SWAT Authorization port 901 overflow attempt (web-misc.rules, requires 3.1 or later)
2599 - ORACLE add_grouped_column named sname/oname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2600 - ORACLE add_grouped_column ordered sname/oname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2601 - ORACLE drop_master_repgroup named gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2602 - ORACLE drop_master_repgroup ordered gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2603 - ORACLE create_mview_repgroup named fname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2604 - ORACLE create_mview_repgroup ordered fname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2605 - ORACLE compare_old_values ordered sname/oname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2606 - ORACLE comment_on_repobject named type buffer overflow attempt (oracle.rules, requires 3.1 or later)
2607 - ORACLE comment_on_repobject ordered type buffer overflow attempt (oracle.rules, requires 3.1 or later)
2608 - ORACLE check_ddl_text ordered buffer overflow attempt (oracle.rules, requires 3.1 or later)
2609 - ORACLE cancel_statistics named sname/oname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2610 - ORACLE cancel_statistics ordered sname/oname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2611 - ORACLE LINK metadata buffer overflow attempt (oracle.rules, requires 3.1 or later)
2612 - ORACLE revoke_surrogate_repcat named userid buffer overflow attempt (oracle.rules, requires 3.1 or later)
2613 - ORACLE revoke_surrogate_repcat ordered userid buffer overflow attempt (oracle.rules, requires 3.1 or later)
2614 - ORACLE time_zone buffer overflow attempt (oracle.rules, requires 3.1 or later)
2615 - ORACLE grant_surrogate_repcat named userid buffer overflow attempt (oracle.rules, requires 3.1 or later)
2616 - ORACLE grant_surrogate_repcat ordered userid buffer overflow attempt (oracle.rules, requires 3.1 or later)
2617 - ORACLE alter_mview_propagation named gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2618 - ORACLE alter_mview_propagation ordered gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2619 - ORACLE alter_master_repobject named type buffer overflow attempt (oracle.rules, requires 3.1 or later)
2620 - ORACLE alter_master_repobject ordered type buffer overflow attempt (oracle.rules, requires 3.1 or later)
2621 - ORACLE utl.register_flavor_change ordered buffer overflow attempt (oracle.rules, requires 3.1 or later)
2622 - ORACLE utl.drop_an_object ordered buffer overflow attempt (oracle.rules, requires 3.1 or later)
2623 - ORACLE utl.create_snapshot_repgroup ordered buffer overflow attempt (oracle.rules, requires 3.1 or later)
2624 - ORACLE unregister_user_repgroup named privilege_type buffer overflow attempt (oracle.rules, requires 3.1 or later)
2625 - ORACLE unregister_user_repgroup ordered privilege_type buffer overflow attempt (oracle.rules, requires 3.1 or later)
2626 - ORACLE send_old_values ordered sname/oname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2627 - ORACLE repcat_import_check named gowner/gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2628 - ORACLE repcat_import_check ordered gowner/gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2629 - ORACLE register_user_repgroup named privilege_type buffer overflow attempt (oracle.rules, requires 3.1 or later)
2630 - ORACLE register_user_repgroup ordered privilege_type buffer overflow attempt (oracle.rules, requires 3.1 or later)
2631 - ORACLE refresh_mview_repgroup named gowner buffer overflow attempt (oracle.rules, requires 3.1 or later)
2632 - ORACLE refresh_mview_repgroup ordered gowner buffer overflow attempt (oracle.rules, requires 3.1 or later)
2633 - ORACLE rectifier_diff named sname1 attempt (oracle.rules, requires 3.1 or later)
2634 - ORACLE rectifier_diff ordered sname1 buffer overflow attempt (oracle.rules, requires 3.1 or later)
2635 - ORACLE snapshot.end_load named gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2636 - ORACLE snapshot.end_load ordered gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2637 - ORACLE drop_master_repobject named type buffer overflow attempt (oracle.rules, requires 3.1 or later)
2638 - ORACLE drop_master_repobject ordered type buffer overflow attempt (oracle.rules, requires 3.1 or later)
2639 - ORACLE drop_mview_repgroup named gowner buffer overflow attempt (oracle.rules, requires 3.1 or later)
2640 - ORACLE drop_mview_repgroup ordered gowner/gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2641 - ORACLE drop_site_instantiate named refresh_template_name buffer overflow attempt (oracle.rules, requires 3.1 or later)
2642 - ORACLE drop_site_instantiate ordered refresh_template_name buffer overflow attempt (oracle.rules, requires 3.1 or later)
2643 - ORACLE ensure_not_published ordered fname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2644 - ORACLE from_tz buffer overflow attempt (oracle.rules, requires 3.1 or later)
2645 - ORACLE instantiate_offline named refresh_template_name buffer overflow attempt (oracle.rules, requires 3.1 or later)
2646 - ORACLE instantiate_offline ordered refresh_template_name buffer overflow attempt (oracle.rules, requires 3.1 or later)
2647 - ORACLE instantiate_online named refresh_template_name buffer overflow attempt (oracle.rules, requires 3.1 or later)
2648 - ORACLE instantiate_online ordered refresh_template_name buffer overflow attempt (oracle.rules, requires 3.1 or later)
2649 - ORACLE service_name buffer overflow attempt (oracle.rules, requires 3.1 or later)
2650 - ORACLE user name buffer overflow attempt (oracle.rules, requires 3.1 or later)
2651 - ORACLE NUMTODSINTERVAL/NUMTOYMINTERVAL buffer overflow attempt (oracle.rules, requires 3.1 or later)
2652 - ORACLE og.begin_load named gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2653 - ORACLE og.begin_load ordered gname buffer overflow attempt (oracle.rules, requires 3.1 or later)
2654 - WEB-PHP PHPNuke Forum viewtopic SQL insertion attempt (web-php.rules, requires 3.1 or later)
2655 - MISC HP Web JetAdmin ExecuteFile admin access (misc.rules)

Updated rules:
 255 - DNS zone transfer TCP (dns.rules)
 509 - WEB-MISC PCCS mysql database admin tool access (web-misc.rules)
 674 - MS-SQL xp_displayparamstmt possible buffer overflow (sql.rules)
 675 - MS-SQL xp_setsqlsecurity possible buffer overflow (sql.rules)
 680 - MS-SQL/SMB sa login failed (sql.rules)
 682 - MS-SQL xp_enumresultset possible buffer overflow (sql.rules)
 688 - MS-SQL sa login failed (sql.rules)
 690 - MS-SQL/SMB xp_printstatements possible buffer overflow (sql.rules)
 695 - MS-SQL/SMB xp_sprintf possible buffer overflow (sql.rules)
 696 - MS-SQL/SMB xp_showcolv possible buffer overflow (sql.rules)
 697 - MS-SQL/SMB xp_peekqueue possible buffer overflow (sql.rules)
 698 - MS-SQL/SMB xp_proxiedmetadata possible buffer overflow (sql.rules)
 699 - MS-SQL xp_printstatements possible buffer overflow (sql.rules)
 700 - MS-SQL/SMB xp_updatecolvbm possible buffer overflow (sql.rules)
 701 - MS-SQL xp_updatecolvbm possible buffer overflow (sql.rules)
 702 - MS-SQL/SMB xp_displayparamstmt possible buffer overflow (sql.rules)
 703 - MS-SQL/SMB xp_setsqlsecurity possible buffer overflow (sql.rules)
 704 - MS-SQL xp_sprintf possible buffer overflow (sql.rules)
 705 - MS-SQL xp_showcolv possible buffer overflow (sql.rules)
 706 - MS-SQL xp_peekqueue possible buffer overflow (sql.rules)
 707 - MS-SQL xp_proxiedmetadata possible buffer overflow (sql.rules)
 708 - MS-SQL/SMB xp_enumresultset possible buffer overflow (sql.rules)
 824 - WEB-CGI php.cgi access (web-cgi.rules)
 825 - WEB-CGI glimpse access (web-cgi.rules)
 847 - WEB-CGI campas access (web-cgi.rules)
 889 - WEB-CGI ppdscgi.exe access (web-cgi.rules)
 892 - WEB-CGI AnyForm2 access (web-cgi.rules)
 937 - WEB-FRONTPAGE _vti_rpc access (web-frontpage.rules)
 940 - WEB-FRONTPAGE shtml.dll access (web-frontpage.rules)
 962 - WEB-FRONTPAGE shtml.exe access (web-frontpage.rules)
 966 - WEB-FRONTPAGE .... request (web-frontpage.rules)
 970 - WEB-IIS multiple decode attempt (deleted.rules)
 971 - WEB-IIS ISAPI .printer access (web-iis.rules)
 981 - WEB-IIS unicode directory traversal attempt (deleted.rules)
 982 - WEB-IIS unicode directory traversal attempt (deleted.rules)
 983 - WEB-IIS unicode directory traversal attempt (deleted.rules)
 984 - WEB-IIS JET VBA access (web-iis.rules)
 987 - WEB-IIS .htr access (web-iis.rules)
1020 - WEB-IIS isc$data attempt (web-iis.rules)
1021 - WEB-IIS ism.dll attempt (web-iis.rules)
1023 - WEB-IIS msadcs.dll access (web-iis.rules)
1103 - WEB-MISC Netscape admin passwd (web-misc.rules)
1110 - WEB-MISC apache source.asp file access (web-misc.rules)
1167 - WEB-MISC rpm_query access (web-misc.rules)
1173 - WEB-MISC architext_query.pl access (web-misc.rules)
1174 - WEB-CGI /cgi-bin/jj access (web-cgi.rules)
1176 - WEB-MISC order.log access (deleted.rules)
1181 - WEB-MISC Annex Terminal DOS attempt (web-misc.rules)
1217 - WEB-MISC plusmail access (web-misc.rules)
1379 - FTP STAT overflow attempt (ftp.rules, requires 3.1 or later)
1386 - MS-SQL/SMB raiserror possible buffer overflow (sql.rules)
1387 - MS-SQL raiserror possible buffer overflow (sql.rules)
1408 - DOS MSDTC attempt (dos.rules)
1423 - WEB-PHP content-disposition memchr overflow (web-php.rules)
1425 - WEB-PHP content-disposition (web-php.rules)
1436 - MULTIMEDIA Quicktime User Agent access (multimedia.rules)
1471 - WEB-CGI mailnews.cgi access (web-cgi.rules)
1475 - WEB-CGI mailit.pl access (web-cgi.rules)
1492 - WEB-MISC RBS ISP /newuser  directory traversal attempt (web-misc.rules)
1493 - WEB-MISC RBS ISP /newuser access (web-misc.rules)
1500 - WEB-MISC ExAir access (web-misc.rules)
1567 - WEB-IIS /exchange/root.asp attempt (web-iis.rules)
1568 - WEB-IIS /exchange/root.asp access (web-iis.rules)
1636 - MISC Xtramail Username overflow attempt (misc.rules, requires 3.1 or later)
1652 - WEB-CGI campus attempt (web-cgi.rules)
1653 - WEB-CGI campus access (web-cgi.rules)
1725 - WEB-IIS +.htr code fragment attempt (web-iis.rules)
1734 - FTP USER overflow attempt (ftp.rules, requires 3.1 or later)
1751 - EXPLOIT cachefsd buffer overflow attempt (exploit.rules)
1777 - FTP EXPLOIT STAT * dos attempt (ftp.rules)
1778 - FTP EXPLOIT STAT ? dos attempt (ftp.rules)
1943 - WEB-MISC /Carello/add.exe access (web-misc.rules)
1945 - WEB-IIS unicode directory traversal attempt (deleted.rules)
1948 - DNS zone transfer UDP (dns.rules)
1972 - FTP PASS overflow attempt (ftp.rules, requires 3.1 or later)
1973 - FTP MKD overflow attempt (ftp.rules, requires 3.1 or later)
2000 - WEB-PHP readmsg.php access (web-php.rules)
2003 - MS-SQL Worm propagation attempt (sql.rules)
2004 - MS-SQL Worm propagation attempt OUTBOUND (sql.rules)
2039 - MISC bootp hostname format string attempt (misc.rules)
2048 - MISC rsyncd overflow attempt (misc.rules)
2090 - WEB-IIS WEBDAV exploit attempt (web-iis.rules)
2101 - NETBIOS SMB SMB_COM_TRANSACTION Max Parameter and Max Count of 0 DOS Attempt (netbios.rules)
2102 - NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt (deleted.rules)
2129 - WEB-IIS nsiislog.dll access (web-iis.rules)
2178 - FTP USER format string attempt (ftp.rules, requires 3.1 or later)
2192 - NETBIOS DCERPC ISystemActivator bind attempt (netbios.rules, requires 3.2 or later)
2193 - NETBIOS SMB-DS DCERPC ISystemActivator bind attempt (netbios.rules, requires 3.2 or later)
2222 - WEB-CGI nph-exploitscanget.cgi access (web-cgi.rules)
2246 - WEB-MISC webadmin.dll access (web-misc.rules)
2251 - NETBIOS DCERPC Remote Activation bind attempt (netbios.rules)
2252 - NETBIOS SMB-DS DCERPC Remote Activation bind attempt (netbios.rules)
2253 - SMTP XEXCH50 overflow attempt (smtp.rules, requires 3.1 or later)
2257 - NETBIOS DCERPC Messenger Service buffer overflow attempt (netbios.rules)
2258 - NETBIOS SMB-DS DCERPC Messenger Service buffer overflow attempt (netbios.rules)
2350 - NETBIOS DCERPC ISystemActivator bind accept (netbios.rules, requires 3.2 or later)
2351 - NETBIOS DCERPC ISystemActivator path overflow attempt little endian (netbios.rules, requires 3.2 or later)
2352 - NETBIOS DCERPC ISystemActivator path overflow attempt big endian (netbios.rules, requires 3.2 or later)
2381 - WEB-MISC schema overflow attempt (web-misc.rules, requires 3.1 or later)
2382 - NETBIOS SMB DCERPC NTLMSSP asn1 overflow attempt (netbios.rules, requires 3.2 or later)
2383 - NETBIOS SMB-DS DCERPC NTLMSSP asn1 overflow attempt (netbios.rules, requires 3.2 or later)
2384 - NETBIOS SMB NTLMSSP invalid mechlistMIC attempt (deleted.rules)
2385 - NETBIOS SMB-DS DCERPC NTLMSSP invalid mechlistMIC attempt (deleted.rules)
2386 - WEB-IIS NTLM ASN.1 vulnerability scan attempt (web-iis.rules)
2391 - FTP APPE overflow attempt (ftp.rules, requires 3.1 or later)
2419 - MULTIMEDIA realplayer .ram playlist download attempt (multimedia.rules, requires 3.2 or later)
2420 - MULTIMEDIA realplayer .rmp playlist download attempt (multimedia.rules, requires 3.2 or later)
2421 - MULTIMEDIA realplayer .smi playlist download attempt (multimedia.rules, requires 3.2 or later)
2422 - MULTIMEDIA realplayer .rt playlist download attempt (multimedia.rules, requires 3.2 or later)
2423 - MULTIMEDIA realplayer .rp playlist download attempt (multimedia.rules, requires 3.2 or later)
2491 - NETBIOS SMB-DS DCERPC ISystemActivator unicode bind attempt (netbios.rules, requires 3.2 or later)
2492 - NETBIOS SMB DCERPC ISystemActivator bind attempt (netbios.rules, requires 3.2 or later)
2493 - NETBIOS SMB DCERPC ISystemActivator unicode bind attempt (netbios.rules, requires 3.2 or later)
2494 - NETBIOS DCEPRC ORPCThis request flood attempt (netbios.rules, requires 3.2 or later)
2495 - NETBIOS SMB DCEPRC ORPCThis request flood attempt (netbios.rules, requires 3.2 or later)
2496 - NETBIOS SMB-DS DCEPRC ORPCThis request flood attempt (netbios.rules, requires 3.2 or later)
2497 - IMAP SSLv3 invalid data version attempt (imap.rules)
2498 - IMAP SSLv3 invalid timestamp attempt (deleted.rules)
2499 - MISC LDAP SSLv3 invalid timestamp attempt (deleted.rules)
2501 - POP3 SSLv3 invalid timestamp attempt (pop3.rules)
2502 - POP3 SSLv3 invalid data version attempt (pop3.rules)
2503 - SMTP SSLv3 invalid timestamp attempt (deleted.rules)
2504 - SMTP SSLv3 invalid data version attempt (smtp.rules)
2505 - WEB-MISC SSLv3 invalid data version attempt (web-misc.rules)
2506 - WEB-MISC SSLv3 invalid timestamp attempt (deleted.rules)
2520 - WEB-MISC SSLv3 Client_Hello request (web-misc.rules, requires 3.2 or later)
2521 - WEB-MISC SSLv3 Server_Hello request (web-misc.rules, requires 3.2 or later)
2522 - WEB-MISC SSLv3 invalid Client_Hello attempt (web-misc.rules, requires 3.2 or later)
2529 - IMAP SSLv3 Client_Hello request (imap.rules, requires 3.2 or later)
2530 - IMAP SSLv3 Server_Hello request (imap.rules, requires 3.2 or later)
2531 - IMAP SSLv3 invalid Client_Hello attempt (imap.rules, requires 3.2 or later)
2532 - MISC LDAP SSLv3 Client_Hello request (misc.rules, requires 3.2 or later)
2533 - MISC LDAP SSLv3 Server_Hello request (misc.rules, requires 3.2 or later)
2534 - MISC LDAP SSLv3 invalid Client_Hello attempt (misc.rules, requires 3.2 or later)
2535 - POP3 SSLv3 Client_Hello request (pop3.rules, requires 3.2 or later)
2536 - POP3 SSLv3 Server_Hello request (pop3.rules, requires 3.2 or later)
2537 - POP3 SSLv3 invalid Client_Hello attempt (pop3.rules, requires 3.2 or later)
2538 - SMTP SSLv3 Client_Hello request (smtp.rules, requires 3.2 or later)
2539 - SMTP SSLv3 Server_Hello request (smtp.rules, requires 3.2 or later)
2540 - SMTP SSLv3 invalid Client_Hello attempt (smtp.rules, requires 3.2 or later)
2541 - SMTP TLS SSLv3 invalid data version attempt (smtp.rules, requires 3.2 or later)
2542 - SMTP TLS SSLv3 Client_Hello request (smtp.rules, requires 3.2 or later)
2543 - SMTP TLS SSLv3 Server_Hello request (smtp.rules, requires 3.2 or later)
2544 - SMTP TLS SSLv3 invalid Client_Hello attempt (smtp.rules, requires 3.2 or later)
2551 - EXPLOIT Oracle Web Cache GET overflow attempt (exploit.rules, requires 3.1 or later)
2552 - EXPLOIT Oracle Web Cache HEAD overflow attempt (exploit.rules, requires 3.1 or later)
2553 - EXPLOIT Oracle Web Cache PUT overflow attempt (exploit.rules, requires 3.1 or later)
2554 - EXPLOIT Oracle Web Cache POST overflow attempt (exploit.rules, requires 3.1 or later)
2555 - EXPLOIT Oracle Web Cache TRACE overflow attempt (exploit.rules, requires 3.1 or later)
2556 - EXPLOIT Oracle Web Cache DELETE overflow attempt (exploit.rules, requires 3.1 or later)
2557 - EXPLOIT Oracle Web Cache LOCK overflow attempt (exploit.rules, requires 3.1 or later)
2558 - EXPLOIT Oracle Web Cache MKCOL overflow attempt (exploit.rules, requires 3.1 or later)
2559 - EXPLOIT Oracle Web Cache COPY overflow attempt (exploit.rules, requires 3.1 or later)
2560 - EXPLOIT Oracle Web Cache MOVE overflow attempt (exploit.rules, requires 3.1 or later)
2561 - MISC rsync backup-dir directory traversal attempt (misc.rules, requires 3.1 or later)
2566 - WEB-PHP PHPBB viewforum.php access (web-php.rules)
2567 - WEB-CGI Emumail init.emu access (web-cgi.rules)
2568 - WEB-CGI Emumail emumail.fcgi access (web-cgi.rules)
2576 - ORACLE generate_replication_support prefix buffer overflow attempt (oracle.rules, requires 3.1 or later)
2584 - EXPLOIT eMule buffer overflow attempt (exploit.rules, requires 3.1 or later)




