[Snort-sigs] Some "Fixes" for Community Rules.....

Stefan Bauer LumpiStefan at ...52...
Wed Dec 21 03:54:01 EST 2005


Here are some fixes for the community rules. They concern all the references
in the rules.....

alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"COMMUNITY IMAP GNU Mailutils imap4d hex attempt"; flow:established,to_server; content:"SEARCH TOPIC %"; reference:cve,2005-2878; reference:bugtraq,14794; reference:nessus,19605; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19306; classtype:misc-attack; sid:100000207; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-MISC FtpLocate flsearch.pl possible command execution attempt"; flow:to_server,established; uricontent:"/flsearch.pl"; nocase; uricontent:"cmd|3D|exec_flsearch"; nocase; reference:bugtraq,14367; reference:cve,2005-2420; reference:nessus,19300; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=18305; classtype:web-application-attack; sid:100000209; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gallery g2_itemId access"; flow:to_server,established; uricontent:"/main.php"; nocase; uricontent:"g2_itemId|3D|"; nocase; reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034; classtype:web-application-attack; sid:100000211; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gallery g2_return access"; flow:to_server,established; uricontent:"/main.php"; nocase; uricontent:"g2_return|3D|"; nocase; reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034; classtype:web-application-attack; sid:100000212; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gallery g2_view access"; flow:to_server,established; uricontent:"/main.php"; nocase; uricontent:"g2_view|3D|"; nocase; reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034; classtype:web-application-attack; sid:100000213; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gallery g2_subView access"; flow:to_server,established; uricontent:"/main.php"; nocase; uricontent:"g2_subView|3D|"; nocase; reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034; classtype:web-application-attack; sid:100000214; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8008 (msg:"COMMUNITY MISC Novell eDirectory iMonitor access"; flow:to_server,established; uricontent:"/nds/"; nocase; reference:bugtraq,14548; reference:cve,2005-2551; reference:nessus,19248; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=18703; classtype:web-application-attack; sid:100000199; rev:1;)

In the first 6 there was a "," in the osvdb-reference and in the last one
there was a typo in the nessus-reference.....

Regards

Stefan 

-- 
10 GB mailbox, 100 free SMS/month http://www.gmx.net/de/go/topmail
+++ GMX - the first address for Mail, Message, More +++
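
A check of the kind that would catch the two defects this message describes (a stray "," in an osvdb url reference, a mistyped nessus id) before rules are published, as an added example that is not part of the original post or of Snort. The per-system id formats and both sample rules are assumptions constructed for the illustration.

```python
import re

# Id formats per reference system: assumed for this lint, not taken from Snort.
ID_FORMATS = {
    "cve": re.compile(r"\d{4}-\d{4,}"),
    "bugtraq": re.compile(r"\d+"),
    "nessus": re.compile(r"\d+"),
    "url": re.compile(r'[^\s,;"]+'),  # host/path without scheme, no comma
}
OPTION_RE = re.compile(r"\b(reference|sid)\s*:\s*([^;]*);")
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')

# Constructed samples: GOOD is a shortened well-formed rule, BAD has three planted defects.
GOOD = ('alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8008 (msg:"demo reference:x"; '
        'uricontent:"/nds/"; reference:cve,2005-2551; reference:nessus,19248; '
        'reference:url,www.osvdb.org/displayvuln.php?osvdb_id=18703; sid:1; rev:1;)')
BAD = ('alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8008 (msg:"demo"; '
       'reference:nessus,1924B; reference:url,www.example.com/vuln.php?id,42;\n'
       'reference:bugtraq 14548; sid:2; rev:1;)')


def lint_references(rule):
    """Return (sid, reference, problem) tuples for one rule, possibly mail-wrapped."""
    flat = " ".join(rule.split())      # undo line wrapping
    body = QUOTED_RE.sub('""', flat)   # ignore text inside msg/content strings
    sid, refs = None, []
    for name, value in OPTION_RE.findall(body):
        if name == "sid":
            sid = value.strip()
        else:
            refs.append(value.strip())
    problems = []
    for ref in refs:
        system, sep, ident = (part.strip() for part in ref.partition(","))
        if not sep:
            problems.append((sid, ref, "missing ',' between system and id"))
        elif system not in ID_FORMATS:
            problems.append((sid, ref, "unknown reference system"))
        elif not ID_FORMATS[system].fullmatch(ident):
            problems.append((sid, ref, "malformed %s id" % system))
    return problems


if __name__ == "__main__":
    for rule in (GOOD, BAD):
        for sid, ref, problem in lint_references(rule):
            print("sid %s: reference:%s -> %s" % (sid, ref, problem))
```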