[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Mon Jul 18 18:08:40 EDT 2005


[***] Results from Oinkmaster started Mon Jul 18 20:00:04 2005 [***]

[+++]          Added rules:          [+++]

 2002120 - BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- JPEG with embedded ICC - Excessive Profile Size (bleeding-exploit.rules)
 2002121 - BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- JPEG with embedded ICC - Excessive Tag Count (bleeding-exploit.rules)
 2002122 - BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- GIF with embedded ICC - Excessive Profile Size (bleeding-exploit.rules)
 2002123 - BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- GIF with embedded ICC - Excessive Tag Count (bleeding-exploit.rules)
 2002124 - BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- PNG with embedded ICC document (bleeding-exploit.rules)
 2002125 - BLEEDING-EDGE VIRUS Mytob.HE - outbound (bleeding-virus.rules)
 2002126 - BLEEDING-EDGE VIRUS Mytob.HE - incoming (bleeding-virus.rules)
 2002127 - BLEEDING-EDGE EXPLOIT Firefox Set Wallpaper Code Execution Attempt (img) (bleeding-exploit.rules)
 2002128 - BLEEDING-EDGE EXPLOIT Firefox Set Wallpaper Code Execution Attempt (input) (bleeding-exploit.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-exploit.rules (6):
        #By Blake Hartstein
        # Submitted by Erik Fichtner, July 18, 2005
        # MS05-036 has a pile of vectors into the system.  These are just some of them.
        # False negative warning:  JPEG ICC can be fragged into multiple chunks.
        # False negative warning:  GIF ICC can be fragged into multiple chunks.
        # iCCP profiles are all compressed with zlib deflate. That's annoying. A preprocessor would do this work better.

     -> Added to bleeding-sid-msg.map (9):
        2002120 || BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- JPEG with embedded ICC - Excessive Profile Size || cve,CVE-2005-1219 || url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002121 || BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- JPEG with embedded ICC - Excessive Tag Count || cve,CVE-2005-1219 || url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002122 || BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- GIF with embedded ICC - Excessive Profile Size || cve,CVE-2005-1219 || url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002123 || BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- GIF with embedded ICC - Excessive Tag Count || cve,CVE-2005-1219 || url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002124 || BLEEDING-EDGE EXPLOIT Potential MS05-036 exploit -- PNG with embedded ICC document || cve,CVE-2005-1219 || url,www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
        2002125 || BLEEDING-EDGE VIRUS Mytob.HE - outbound || url,www.norman.com/Virus/Virus_descriptions/23458/en?show=default
        2002126 || BLEEDING-EDGE VIRUS Mytob.HE - incoming || url,www.norman.com/Virus/Virus_descriptions/23458/en?show=default
        2002127 || BLEEDING-EDGE EXPLOIT Firefox Set Wallpaper Code Execution Attempt (img) || url,www.mozilla.org/security/announce/mfsa2005-47.html || url,secunia.com/advisories/16043/
        2002128 || BLEEDING-EDGE EXPLOIT Firefox Set Wallpaper Code Execution Attempt (input) || url,www.mozilla.org/security/announce/mfsa2005-47.html || url,secunia.com/advisories/16043/

     -> Added to bleeding-virus.rules (3):
        # Mytob.HF
        # Mytob.HE
        #Submitted by Mark Scott, 7/8/2005

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-virus.rules (1):
        #Mytob.HF




