[Snort-sigs] Some "Fixes" for Community Rules.....

Alex Kirk alex.kirk at ...435...
Thu Dec 22 08:26:14 EST 2005


Thanks for pointing these out. They'll be fixed shortly.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

>Here are some fixes for the community rules. They concern all the references
>in the rules.....
>
>alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"COMMUNITY IMAP GNU
>Mailutils imap4d hex attempt"; flow:established,to_server; content:"SEARCH
>TOPIC %"; reference:cve,2005-2878; reference:bugtraq,14794;
>reference:nessus,19605;
>reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19306;
>classtype:misc-attack; sid:100000207; rev:1;)
>
>alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY
>WEB-MISC FtpLocate flsearch.pl possible command execution attempt";
>flow:to_server,established; uricontent:"/flsearch.pl"; nocase;
>uricontent:"cmd|3D|exec_flsearch"; nocase; reference:bugtraq,14367;
>reference:cve,2005-2420; reference:nessus,19300;
>reference:url,www.osvdb.org/displayvuln.php?osvdb_id=18305;
>classtype:web-application-attack; sid:100000209; rev:1;)
>
>alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY
>WEB-PHP Gallery g2_itemId access"; flow:to_server,established;
>uricontent:"/main.php"; nocase; uricontent:"g2_itemId|3D|"; nocase;
>reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015;
>reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034;
>classtype:web-application-attack; sid:100000211; rev:1;)
>
>alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY
>WEB-PHP Gallery g2_return access"; flow:to_server,established;
>uricontent:"/main.php"; nocase; uricontent:"g2_return|3D|"; nocase;
>reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015;
>reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034;
>classtype:web-application-attack; sid:100000212; rev:1;)
>
>alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY
>WEB-PHP Gallery g2_view access"; flow:to_server,established;
>uricontent:"/main.php"; nocase; uricontent:"g2_view|3D|"; nocase;
>reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015;
>reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034;
>classtype:web-application-attack; sid:100000213; rev:1;)
>
>alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY
>WEB-PHP Gallery g2_subView access"; flow:to_server,established;
>uricontent:"/main.php"; nocase; uricontent:"g2_subView|3D|"; nocase;
>reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015;
>reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034;
>classtype:web-application-attack; sid:100000214; rev:1;)
>
>alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8008 (msg:"COMMUNITY MISC
>Novell eDirectory iMonitor access"; flow:to_server,established;
>uricontent:"/nds/"; nocase; reference:bugtraq,14548;
>reference:cve,2005-2551; reference:nessus,19248;
>reference:url,www.osvdb.org/displayvuln.php?osvdb_id=18703;
>classtype:web-application-attack; sid:100000199; rev:1;)
>
>In the first 6 there was a "," in the osvdb-reference and in the last one
>there was a mistype in the nessus-reference.....
>
>Regards
>
>Stefan 
>
>  
>
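
A lint check for the kind of reference-field slip fixed in this thread, as an added example that is not part of the original messages or the community rules project: it unwraps mail-quoted rules and validates every `reference:` option. The ID formats in `ID_FORMATS`, the function names and the sample rules are assumptions of this example.

```python
import re

# Assumed ID formats per reference system (this example's own policy,
# covering only the four systems used in the rules quoted above).
ID_FORMATS = {
    "cve": re.compile(r"\d{4}-\d{4,}"),
    "bugtraq": re.compile(r"\d+"),
    "nessus": re.compile(r"\d+"),
    "url": re.compile(r"[^\s,;\"]+"),  # one token, no embedded comma
}
REFERENCE = re.compile(r"\breference\s*:\s*([^;]*);")
SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def unwrap_rules(text):
    """Strip mail quoting ('>') and join wrapped lines back into whole rules."""
    flat = " ".join(line.lstrip("> ").rstrip() for line in text.splitlines())
    return re.findall(r"alert .*?;\s*\)", flat)  # assumes rules end in ';)'

def lint_references(rule):
    """Return (sid, problem) tuples for each malformed reference option."""
    options = re.sub(r'"[^"]*"', '""', rule)  # ignore text inside msg/content
    m = SID.search(options)
    sid = int(m.group(1)) if m else None
    problems = []
    for body in REFERENCE.findall(options):
        system, sep, ref_id = (part.strip() for part in body.partition(","))
        fmt = ID_FORMATS.get(system)
        if not sep:
            problems.append((sid, f"missing 'system,id' pair: {body.strip()}"))
        elif fmt is None:
            problems.append((sid, f"unknown reference system: {system}"))
        elif not fmt.fullmatch(ref_id):
            problems.append((sid, f"bad {system} id: {ref_id}"))
    return problems

# Constructed, mail-quoted sample: the first rule is clean, the second has a
# stray comma in its url reference and a letter in its nessus id.
SAMPLE = """\
>alert tcp any any -> any 80 (msg:"EXAMPLE clean rule"; content:"a;b";
>reference:cve,2005-2551; reference:url,example.com/v.php?id=1;
>sid:1000001; rev:1;)
>alert tcp any any -> any 80 (msg:"EXAMPLE broken references";
>reference:url,example.com/v.php?id,2; reference:nessus,1930O;
>sid:1000002; rev:1;)
"""

if __name__ == "__main__":
    for rule in unwrap_rules(SAMPLE):
        print(lint_references(rule))
```

Running a check like this over a rules file before it is committed catches reference fields that Snort would still load but that produce dead or misleading links in alert output.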




