[Snort-sigs] Sourcefire VRT Certified Rules Update

Sourcefire VRT research at ...435...
Wed Dec 14 16:31:03 EST 2005


Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire Vulnerability Research Team (VRT) has learned of
multiple vulnerabilities affecting hosts using the Microsoft operating
system.

Details:
Microsoft Security Bulletin MS05-054
A vulnerability exists in the way that Internet Explorer handles COM
objects that should not be used by Internet Explorer. When Internet
Explorer tries to use these COM objects as ActiveX controls, an
attacker may be presented with the opportunity to execute code of their
choosing on the target system.

Rules to detect attacks targeting this vulnerability are included in
this update and are identified as sids 4890 through 4915.

A vulnerability exists in the way Internet Explorer handles the
window() function supplied to the JavaScript "onload" handler as a
parameter.

The Sourcefire VRT has confirmed that a rule identified as sid 4647,
released on November 9, 2005, will generate events when an attempt is
made to exploit this vulnerability.

New rules:
4826 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance unicode little
endian attempt (netbios.rules)
4827 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance unicode little
endian attempt (netbios.rules)
4828 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode
little endian attempt (netbios.rules)
4829 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode
attempt (netbios.rules)
4830 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode
attempt (netbios.rules)
4831 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance little endian
attempt (netbios.rules)
4832 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode attempt (netbios.rules)
4833 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX
attempt (netbios.rules)
4834 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance attempt
(netbios.rules)
4835 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance little endian
attempt (netbios.rules)
4836 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX attempt
(netbios.rules)
4837 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance unicode
attempt (netbios.rules)
4838 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode little endian attempt (netbios.rules)
4839 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance unicode attempt
(netbios.rules)
4840 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX
little endian attempt (netbios.rules)
4841 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode little
endian attempt (netbios.rules)
4842 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode little endian attempt (netbios.rules)
4843 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX little
endian attempt (netbios.rules)
4844 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode
attempt (netbios.rules)
4845 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode
little endian attempt (netbios.rules)
4846 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
attempt (netbios.rules)
4847 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance attempt
(netbios.rules)
4848 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
attempt (netbios.rules)
4849 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance attempt
(netbios.rules)
4850 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode attempt (netbios.rules)
4851 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
little endian attempt (netbios.rules)
4852 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
little endian attempt (netbios.rules)
4853 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance little endian
attempt (netbios.rules)
4854 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance little
endian attempt (netbios.rules)
4855 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode little endian attempt (netbios.rules)
4856 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance attempt
(netbios.rules)
4857 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode attempt (netbios.rules)
4858 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance unicode little
endian andx attempt (netbios.rules)
4859 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance unicode little
endian andx attempt (netbios.rules)
4860 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode
little endian andx attempt (netbios.rules)
4861 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode andx
attempt (netbios.rules)
4862 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX unicode
andx attempt (netbios.rules)
4863 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance little endian
andx attempt (netbios.rules)
4864 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode andx attempt (netbios.rules)
4865 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX andx
attempt (netbios.rules)
4866 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance andx attempt
(netbios.rules)
4867 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance little endian
andx attempt (netbios.rules)
4868 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX andx
attempt (netbios.rules)
4869 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance unicode andx
attempt (netbios.rules)
4870 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode little endian andx attempt (netbios.rules)
4871 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance unicode andx
attempt (netbios.rules)
4872 - NETBIOS SMB-DS umpnpmgr PNP_GetRootDeviceInstance WriteAndX
little endian andx attempt (netbios.rules)
4873 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance unicode little
endian andx attempt (netbios.rules)
4874 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode little endian andx attempt (netbios.rules)
4875 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance WriteAndX little
endian andx attempt (netbios.rules)
4876 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode
andx attempt (netbios.rules)
4877 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance unicode
little endian andx attempt (netbios.rules)
4878 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX andx
attempt (netbios.rules)
4879 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance andx attempt
(netbios.rules)
4880 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
andx attempt (netbios.rules)
4881 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance andx
attempt (netbios.rules)
4882 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode andx attempt (netbios.rules)
4883 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
little endian andx attempt (netbios.rules)
4884 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
little endian andx attempt (netbios.rules)
4885 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance little endian
andx attempt (netbios.rules)
4886 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance little
endian andx attempt (netbios.rules)
4887 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode little endian andx attempt (netbios.rules)
4888 - NETBIOS SMB umpnpmgr PNP_GetRootDeviceInstance andx attempt
(netbios.rules)
4889 - NETBIOS SMB v4 umpnpmgr PNP_GetRootDeviceInstance WriteAndX
unicode andx attempt (netbios.rules)
4890 - WEB-CLIENT IAVIStream & IAVIFile Proxy ActiveX Object Access
(web-client.rules)
4891 - WEB-CLIENT cfw Class ActiveX Object Access (web-client.rules)
4892 - WEB-CLIENT MTSEvents Class ActiveX Object Access
(web-client.rules)
4893 - WEB-CLIENT Trident HTMLEditor ActiveX Object Access
(web-client.rules)
4894 - WEB-CLIENT PSEnumVariant ActiveX Object Access
(web-client.rules)
4895 - WEB-CLIENT PSTypeInfo ActiveX Object Access (web-client.rules)
4896 - WEB-CLIENT PSTypeLib ActiveX Object Access (web-client.rules)
4897 - WEB-CLIENT PSOAInterface ActiveX Object Access
(web-client.rules)
4898 - WEB-CLIENT PSTypeComp ActiveX Object Access (web-client.rules)
4899 - WEB-CLIENT ISupportErrorInfo Interface ActiveX Object Access
(web-client.rules)
4900 - WEB-CLIENT Outlook Progress Ctl ActiveX Object Access
(web-client.rules)
4901 - WEB-CLIENT VMR Allocator Presenter 9 ActiveX Object Access
(web-client.rules)
4902 - WEB-CLIENT Video Mixing Renderer 9 ActiveX Object Access
(web-client.rules)
4903 - WEB-CLIENT VMR ImageSync 9 ActiveX Object Access
(web-client.rules)
4904 - WEB-CLIENT Microsoft Repository Alias ActiveX Object Access
(web-client.rules)
4905 - WEB-CLIENT Microsoft Repository Object ActiveX Object Access
(web-client.rules)
4906 - WEB-CLIENT Microsoft Repository Interface Definition ActiveX
Object Access (web-client.rules)
4907 - WEB-CLIENT Microsoft Repository Collection Definition ActiveX
Object Access (web-client.rules)
4908 - WEB-CLIENT Microsoft Repository Method Definition ActiveX Object
Access (web-client.rules)
4909 - WEB-CLIENT Microsoft Repository Property Definition ActiveX
Object Access (web-client.rules)
4910 - WEB-CLIENT Microsoft Repository Relationship Definition ActiveX
Object Access (web-client.rules)
4911 - WEB-CLIENT Microsoft Repository Type Library ActiveX Object
Access (web-client.rules)
4912 - WEB-CLIENT Microsoft Repository Root ActiveX Object Access
(web-client.rules)
4913 - WEB-CLIENT Microsoft Repository Workspace ActiveX Object Access
(web-client.rules)
4914 - WEB-CLIENT Microsoft Repository Script Definition ActiveX Object
Access (web-client.rules)
4915 - WEB-CLIENT Shortcut Handler ActiveX Object Access
(web-client.rules)
4916 - WEB-CLIENT internet explorer javascript onload document.write
obfuscation overflow attempt (web-client.rules)
4917 - WEB-CLIENT internet explorer javascript onload prompt
obfuscation overflow attempt (web-client.rules)
4918 - NETBIOS SMB umpnpmgr PNP_GetDeviceList dos attempt
(netbios.rules)
4919 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList dos attempt
(netbios.rules)
4920 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX little
endian dos attempt (netbios.rules)
4921 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX dos attempt
(netbios.rules)
4922 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList unicode dos attempt
(netbios.rules)
4923 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode little
endian dos attempt (netbios.rules)
4924 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList little endian dos
attempt (netbios.rules)
4925 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX little endian
dos attempt (netbios.rules)
4926 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode dos
attempt (netbios.rules)
4927 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode
little endian dos attempt (netbios.rules)
4928 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList unicode dos attempt
(netbios.rules)
4929 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode
dos attempt (netbios.rules)
4930 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList little endian dos
attempt (netbios.rules)
4931 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX dos attempt
(netbios.rules)
4932 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode little
endian dos attempt (netbios.rules)
4933 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX little
endian dos attempt (netbios.rules)
4934 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode dos
attempt (netbios.rules)
4935 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode
little endian dos attempt (netbios.rules)
4936 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode dos attempt
(netbios.rules)
4937 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList unicode little endian
dos attempt (netbios.rules)
4938 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX little
endian dos attempt (netbios.rules)
4939 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode
little endian dos attempt (netbios.rules)
4940 - NETBIOS SMB umpnpmgr PNP_GetDeviceList unicode dos attempt
(netbios.rules)
4941 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList dos attempt
(netbios.rules)
4942 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList dos attempt
(netbios.rules)
4943 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX dos attempt
(netbios.rules)
4944 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList little endian dos
attempt (netbios.rules)
4945 - NETBIOS SMB umpnpmgr PNP_GetDeviceList little endian dos attempt
(netbios.rules)
4946 - NETBIOS SMB umpnpmgr PNP_GetDeviceList unicode little endian dos
attempt (netbios.rules)
4947 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode dos
attempt (netbios.rules)
4948 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList unicode little endian
dos attempt (netbios.rules)
4949 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX dos
attempt (netbios.rules)
4950 - NETBIOS SMB umpnpmgr PNP_GetDeviceList andx dos attempt
(netbios.rules)
4951 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList andx dos attempt
(netbios.rules)
4952 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX little
endian andx dos attempt (netbios.rules)
4953 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX andx dos
attempt (netbios.rules)
4954 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList unicode andx dos
attempt (netbios.rules)
4955 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode little
endian andx dos attempt (netbios.rules)
4956 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList little endian andx dos
attempt (netbios.rules)
4957 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX little endian
andx dos attempt (netbios.rules)
4958 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX unicode andx
dos attempt (netbios.rules)
4959 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode
little endian andx dos attempt (netbios.rules)
4960 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList unicode andx dos
attempt (netbios.rules)
4961 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode
andx dos attempt (netbios.rules)
4962 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList little endian andx
dos attempt (netbios.rules)
4963 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX andx dos
attempt (netbios.rules)
4964 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode little
endian andx dos attempt (netbios.rules)
4965 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX little
endian andx dos attempt (netbios.rules)
4966 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode andx
dos attempt (netbios.rules)
4967 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode
little endian andx dos attempt (netbios.rules)
4968 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList unicode andx dos
attempt (netbios.rules)
4969 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList unicode little endian
andx dos attempt (netbios.rules)
4970 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX little
endian andx dos attempt (netbios.rules)
4971 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList WriteAndX unicode
little endian andx dos attempt (netbios.rules)
4972 - NETBIOS SMB umpnpmgr PNP_GetDeviceList unicode andx dos attempt
(netbios.rules)
4973 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList andx dos attempt
(netbios.rules)
4974 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList andx dos attempt
(netbios.rules)
4975 - NETBIOS SMB umpnpmgr PNP_GetDeviceList WriteAndX andx dos
attempt (netbios.rules)
4976 - NETBIOS SMB v4 umpnpmgr PNP_GetDeviceList little endian andx dos
attempt (netbios.rules)
4977 - NETBIOS SMB umpnpmgr PNP_GetDeviceList little endian andx dos
attempt (netbios.rules)
4978 - NETBIOS SMB umpnpmgr PNP_GetDeviceList unicode little endian
andx dos attempt (netbios.rules)
4979 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList WriteAndX unicode andx
dos attempt (netbios.rules)
4980 - NETBIOS SMB-DS umpnpmgr PNP_GetDeviceList unicode little endian
andx dos attempt (netbios.rules)
4981 - NETBIOS SMB-DS v4 umpnpmgr PNP_GetDeviceList WriteAndX andx dos
attempt (netbios.rules)
