[Snort-sigs] PNG vulnerabilities 1

Joseph Gama josephgama at ...144...
Fri Aug 13 18:54:01 EDT 2004


alert tcp any any -> any any (msg:"libPNG - Possible
NULL-pointer crash in png_handle_iCCP"; content:"|89
50 4E 47 0D 0A 1A 0A|"; offset:0; depth:8;
byte_test:4,>=,0x80000000,0,relative,big,string,hex;
reference:url,http.www.securiteam.com/unixfocus/5ZP0C0KDPG.html;
classtype:misc-activity; sid:2000000; rev:1;)

alert tcp any any -> any any (msg:"libPNG - Width
exceeds limit"; content:"|89 50 4E 47 0D 0A 1A 0A|";
offset:0; depth:8;
byte_test:4,>=,0x80000000,8,relative,big,string,hex;
reference:url,http.www.securiteam.com/unixfocus/5ZP0C0KDPG.html;
classtype:misc-activity; sid:2000000; rev:1;)

alert tcp any any -> any any (msg:"libPNG - Height
exceeds limit"; content:"|89 50 4E 47 0D 0A 1A 0A|";
offset:0; depth:8;
byte_test:4,>=,0x80000000,12,relative,big,string,hex;
reference:url,http.www.securiteam.com/unixfocus/5ZP0C0KDPG.html;
classtype:misc-activity; sid:2000000; rev:1;)

alert tcp any any -> any any (msg:"libPNG - zero
Width"; content:"|89 50 4E 47 0D 0A 1A 0A|"; offset:0;
depth:8;
byte_test:4,=,0x00000000,8,relative,big,string,hex;
reference:url,http.www.securiteam.com/unixfocus/5ZP0C0KDPG.html;
classtype:misc-activity; sid:2000000; rev:1;)

alert tcp any any -> any any (msg:"libPNG - zero
Height"; content:"|89 50 4E 47 0D 0A 1A 0A|";
offset:0; depth:8;
byte_test:4,=,0x00000000,12,relative,big,string,hex;
reference:url,http.www.securiteam.com/unixfocus/5ZP0C0KDPG.html;
classtype:misc-activity; sid:2000000; rev:1;)

alert tcp any any -> any any (msg:"libPNG - Possible
integer overflow in allocation in png_handle_sPLT";
content:"|89 50 4E 47 0D 0A 1A 0A|"; offset:0;
depth:8; content:"sPLT"; isdataat:80,relative;
content:!"|00|";
distance:0;reference:url,http.www.securiteam.com/unixfocus/5ZP0C0KDPG.html;
classtype:misc-activity; sid:2000000; rev:1;)




		
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail




More information about the Snort-sigs mailing list