[Snort-sigs] PNG vulnerabilities and more

Joseph Gama josephgama at ...144...
Wed Aug 18 14:04:09 EDT 2004


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"libPNG - Remotely exploitable stack-based buffer
overrun in png_handle_tRNS";
pcre:"/\x89\x50\x4E\x47\x0D\x0A\x1A\x0A([\s\S]){17}\x03/Ri";
content:"tRNS"; byte_jump:4, -8, relative, big;
pcre:"/([\s\S]){8}/R";
pcre:"/([a-zA-Z]){2}[A-Z][a-zA-Z]/R";
reference:url,http.www.securiteam.com/unixfocus/5ZP0C0KDPG.html;
classtype:misc-activity; sid:2000000; rev:1;)

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"Microsoft Windows 2000 WebDAV / ntdll.dll Buffer
Overflow";
content:"%9C%8D%85\%FE%FF%FFP%FFU%98%8B@%10%8B%08%89%8DX%FE%FFHTTP/1.1";
rawbytes; nocase;
reference:url,http.securityresponse.symantec.com/avcenter/security/Content/3.17.2003.html;
classtype:misc-activity; sid:2000000; rev:1;)

alert tcp any any -> any any (msg:"Adobe
Acrobat/Acrobat Reader ActiveX Control Buffer Overflow
Vulnerability";
pcre:"/[\w]+\.pdf%00[\w-_\.!~*'"\(\)]+HTTP\/1\.1/Bi";
reference:url,http.www.securiteam.com/windowsntfocus/5BP0D20DPW.html;
classtype:misc-activity; sid:2000000; rev:1;)

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET 2702
(msg:"Denial of Service in Microsoft SMS Client";
content:"RCH0####RCHE"; isdataat:130,
relative;reference:url,http.www.securiteam.com/windowsntfocus/5WP0N1FDFW.html;
classtype:misc-activity; sid:2000000; rev:1;)

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"Unchecked Buffer in mstask.dll";
pcre:"/iframe[\s\S]+src[\s]*=[\s\S]+\.job/i";
reference:url,http.www.securiteam.com/windowsntfocus/5GP0B2ADFQ.html;
classtype:misc-activity; sid:2000000; rev:1;)

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"Internet Explorer Memory Corruption Bug";
pcre:"/<STYLE>[\s\S]*@\;\/*/i";
reference:url,http.www.securiteam.com/windowsntfocus/5XP051FDFM.html;
classtype:misc-activity; sid:2000000; rev:1;)




		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail 




More information about the Snort-sigs mailing list