[Snort-sigs] Serv-U vulnerabilities

Joseph Gama josephgama at ...144...
Wed Aug 18 14:05:13 EDT 2004


alert tcp $EXTERNAL_NET any -> $HOME_NET 21 \
    (msg:"Serv-U Local Privilege Escalation Vulnerability"; \
    content:"site exec"; nocase; rawbytes; \
    reference:url,www.securiteam.com/windowsntfocus/5YP0F1FDPO.html; \
    classtype:misc-activity; sid:2000000; rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 21 \
    (msg:"Serv-U FTP directory traversal vulnerability"; \
    pcre:"/\\[\.]+%20/Bi"; \
    reference:url,www.securiteam.com/windowsntfocus/6C0041F0KO.html; \
    classtype:misc-activity; sid:2000001; rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 21 \
    (msg:"Serv-U FTP directory traversal vulnerability"; \
    pcre:"/%20[\.]+\//Bi"; \
    reference:url,www.securiteam.com/windowsntfocus/6C0041F0KO.html; \
    classtype:misc-activity; sid:2000002; rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 21 \
    (msg:"Serv-U LIST -l Parameter Buffer Overflow"; \
    content:"LIST -l\:"; nocase; isdataat:134,relative; \
    reference:url,www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html; \
    classtype:misc-activity; sid:2000003; rev:1;)

alert tcp any any -> any any \
    (msg:"Serv-U MDTM Command Buffer Overflow Vulnerability"; \
    pcre:"/MDTM[\s]+[\d]+[\s\S]*[\w]{45}/Bi"; \
    reference:url,www.securiteam.com/windowsntfocus/5HP010ACAS.html; \
    classtype:misc-activity; sid:2000004; rev:1;)

alert tcp any any -> any any \
    (msg:"Serv-U FTP Server Long Filename Stack Overflow Vulnerability"; \
    pcre:"/chmod[\s]+([\d]{1,4})*[\s]*[\w\.\/]{250}/Bi"; \
    reference:url,www.securiteam.com/windowsntfocus/5OP0N1PBPG.html; \
    classtype:misc-activity; sid:2000005; rev:1;)


	
		