[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Sat Dec 31 17:01:00 EST 2005


[***] Results from Oinkmaster started Sat Dec 31 20:00:08 2005 [***]

[+++]          Added rules:          [+++]

 2002742 - EXPLOIT WMF Escape Record Exploit (bleeding.rules)


[///]     Modified active rules:     [///]

 2002741 - EXPLOIT WMF Escape Record Exploit - Web Only (bleeding.rules)


[///]    Modified inactive rules:    [///]

 2002733 - EXPLOIT WMF Escape Record Exploit - All Ports (bleeding.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (2):
        2002733 || EXPLOIT WMF Escape Record Exploit - All Ports || url,www.frsirt.com/english/advisories/2005/3086
        2002742 || EXPLOIT WMF Escape Record Exploit || url,www.frsirt.com/english/advisories/2005/3086

     -> Added to bleeding.rules (2):
        # Choose either All Ports or Web Only version. flow_depth (of http_inspect_server) has to be set to 0.
        # Recommend second Snort instance with that config.

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (1):
        2002733 || EXPLOIT WMF Escape Record Exploit || url,www.frsirt.com/english/advisories/2005/3086





More information about the Snort-sigs mailing list