[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Mon Dec 12 09:45:03 EST 2005


This message is to announce the availability of an update for the 
Sourcefire community rule set, which can be downloaded free of cost or 
registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000199-100000206. 
These rules detect login attempts to the Symantec Brightmail Antispam 
system using a default password; access to the Novell eDirectory 
iMonitor system, which is vulnerable to a buffer overflow attack; access 
to a script within the CuteNews system that is vulnerable to arbitrary 
code injection; and access to page/parameter sets in the DeluxeBB system 
which are vulnerable to SQL injection attacks.

Sourcefire would like to thank rmkml for submitting these rules. As a 
reminder, anyone who wishes to submit rules may do so at 
http://www.snort.org/reg-bin/rulesubmit.cgi.

A list of new rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000199 || COMMUNITY MISC Novell eDirectory iMonitor access
100000200 || COMMUNITY WEB-MISC Symantec Brightmail Antispam default login attempt
100000201 || COMMUNITY WEB-PHP CuteNews flood.db.php access
100000202 || COMMUNITY WEB-PHP DeluxeBB topic.php access
100000203 || COMMUNITY WEB-PHP DeluxeBB misc.php access
100000204 || COMMUNITY WEB-PHP DeluxeBB pm.php access
100000205 || COMMUNITY WEB-PHP DeluxeBB forums.php access
100000206 || COMMUNITY WEB-PHP DeluxeBB newpost.php access



