[Snort-sigs] Sourcefire VRT Certified Rules Update

Matthew Watchinski mwatchinski at ...435...
Thu Jun 30 18:21:45 EDT 2005


Sourcefire VRT Certified Rules Update
 
Synopsis:
The Sourcefire Vulnerability Research Team (VRT) has learned of
multiple serious vulnerabilities affecting Veritas Backup Exec Server
and Agent software.
 
Details:
US-CERT Vulnerability Note VU#352625
A vulnerability exists in the way the Veritas Backup Server handles DCERPC
requests that attempt to alter registry values, enabling an attacker to
modify the registry. The Backup Server accepts anonymous client
requests, but fails to assign the appropriate privileges. This allows
an attacker to perform privileged tasks on the server. One such task is
altering registry values.
 
US-CERT Vulnerability Note VU#492105, CAN-2005-0773
A vulnerability exists in Veritas Backup Agent authentication software.
This software uses Network Data Management Protocol (NDMP) to
communicate between clients and servers. Authentication is required to
successfully connect. Errors in processing the authentication
credentials can give an attacker the opportunity to overflow a
fixed-length buffer, which may lead to the execution of code of the
attacker's choosing on the affected host.
 
US-CERT Vulnerability Note VU#584505, CAN-2005-0771
The Veritas Backup Agent Exec provides backup software. Certain
communications are done via the Network Data Management Protocol
(NDMP). The agent does not properly handle malformed NDMP protocol
requests. Exploitation of this issue is simple and can lead to a Denial
of Service (DoS) for the agent.
 
Rules to detect attacks against these vulnerabilities are included in
this rule pack and are identified as sids 3695 through 3812.
 
References:
US-CERT Technical Cyber Security Alert TA05-180A
http://www.us-cert.gov/cas/techalerts/TA05-180A.html
 
VERITAS Security Advisory for Backup Exec for Windows Servers and
Backup Exec for NetWare Servers
http://seer.support.veritas.com/docs/277428.htm

New rules:
 3695 - EXPLOIT Veritas Backup Agent password overflow attempt (exploit.rules)
 3696 - EXPLOIT Veritas Backup Agent DoS attempt (exploit.rules)
 3697 - NETBIOS DCERPC DIRECT veritas alter context attempt (netbios.rules)
 3698 - NETBIOS DCERPC DIRECT veritas bind attempt (netbios.rules)
 3699 - NETBIOS DCERPC DIRECT veritas little endian alter context attempt (netbios.rules)
 3700 - NETBIOS DCERPC DIRECT veritas little endian bind attempt (netbios.rules)
 3701 - NETBIOS DCERPC NCACN-IP-TCP veritas alter context attempt (netbios.rules)
 3702 - NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules)
 3703 - NETBIOS DCERPC NCACN-IP-TCP veritas little endian alter context attempt (netbios.rules)
 3704 - NETBIOS DCERPC NCACN-IP-TCP veritas little endian bind attempt (netbios.rules)
 3705 - NETBIOS SMB veritas WriteAndX alter context attempt (netbios.rules)
 3706 - NETBIOS SMB veritas WriteAndX andx alter context attempt (netbios.rules)
 3707 - NETBIOS SMB veritas WriteAndX andx bind attempt (netbios.rules)
 3708 - NETBIOS SMB veritas WriteAndX bind attempt (netbios.rules)
 3709 - NETBIOS SMB veritas WriteAndX little endian alter context attempt (netbios.rules)
 3710 - NETBIOS SMB veritas WriteAndX little endian andx alter context attempt (netbios.rules)
 3711 - NETBIOS SMB veritas WriteAndX little endian andx bind attempt (netbios.rules)
 3712 - NETBIOS SMB veritas WriteAndX little endian bind attempt (netbios.rules)
 3713 - NETBIOS SMB veritas WriteAndX unicode alter context attempt (netbios.rules)
 3714 - NETBIOS SMB veritas WriteAndX unicode andx alter context attempt (netbios.rules)
 3715 - NETBIOS SMB veritas WriteAndX unicode andx bind attempt (netbios.rules)
 3716 - NETBIOS SMB veritas WriteAndX unicode bind attempt (netbios.rules)
 3717 - NETBIOS SMB veritas WriteAndX unicode little endian alter context attempt (netbios.rules)
 3718 - NETBIOS SMB veritas WriteAndX unicode little endian andx alter context attempt (netbios.rules)
 3719 - NETBIOS SMB veritas WriteAndX unicode little endian andx bind attempt (netbios.rules)
 3720 - NETBIOS SMB veritas WriteAndX unicode little endian bind attempt (netbios.rules)
 3721 - NETBIOS SMB veritas alter context attempt (netbios.rules)
 3722 - NETBIOS SMB veritas andx alter context attempt (netbios.rules)
 3723 - NETBIOS SMB veritas andx bind attempt (netbios.rules)
 3724 - NETBIOS SMB veritas bind attempt (netbios.rules)
 3725 - NETBIOS SMB veritas little endian alter context attempt (netbios.rules)
 3726 - NETBIOS SMB veritas little endian andx alter context attempt (netbios.rules)
 3727 - NETBIOS SMB veritas little endian andx bind attempt (netbios.rules)
 3728 - NETBIOS SMB veritas little endian bind attempt (netbios.rules)
 3729 - NETBIOS SMB veritas unicode alter context attempt (netbios.rules)
 3730 - NETBIOS SMB veritas unicode andx alter context attempt (netbios.rules)
 3731 - NETBIOS SMB veritas unicode andx bind attempt (netbios.rules)
 3732 - NETBIOS SMB veritas unicode bind attempt (netbios.rules)
 3733 - NETBIOS SMB veritas unicode little endian alter context attempt (netbios.rules)
 3734 - NETBIOS SMB veritas unicode little endian andx alter context attempt (netbios.rules)
 3735 - NETBIOS SMB veritas unicode little endian andx bind attempt (netbios.rules)
 3736 - NETBIOS SMB veritas unicode little endian bind attempt (netbios.rules)
 3737 - NETBIOS SMB-DS veritas WriteAndX alter context attempt (netbios.rules)
 3738 - NETBIOS SMB-DS veritas WriteAndX andx alter context attempt (netbios.rules)
 3739 - NETBIOS SMB-DS veritas WriteAndX andx bind attempt (netbios.rules)
 3740 - NETBIOS SMB-DS veritas WriteAndX bind attempt (netbios.rules)
 3741 - NETBIOS SMB-DS veritas WriteAndX little endian alter context attempt (netbios.rules)
 3742 - NETBIOS SMB-DS veritas WriteAndX little endian andx alter context attempt (netbios.rules)
 3743 - NETBIOS SMB-DS veritas WriteAndX little endian andx bind attempt (netbios.rules)
 3744 - NETBIOS SMB-DS veritas WriteAndX little endian bind attempt (netbios.rules)
 3745 - NETBIOS SMB-DS veritas WriteAndX unicode alter context attempt (netbios.rules)
 3746 - NETBIOS SMB-DS veritas WriteAndX unicode andx alter context attempt (netbios.rules)
 3747 - NETBIOS SMB-DS veritas WriteAndX unicode andx bind attempt (netbios.rules)
 3748 - NETBIOS SMB-DS veritas WriteAndX unicode bind attempt (netbios.rules)
 3749 - NETBIOS SMB-DS veritas WriteAndX unicode little endian alter context attempt (netbios.rules)
 3750 - NETBIOS SMB-DS veritas WriteAndX unicode little endian andx alter context attempt (netbios.rules)
 3751 - NETBIOS SMB-DS veritas WriteAndX unicode little endian andx bind attempt (netbios.rules)
 3752 - NETBIOS SMB-DS veritas WriteAndX unicode little endian bind attempt (netbios.rules)
 3753 - NETBIOS SMB-DS veritas alter context attempt (netbios.rules)
 3754 - NETBIOS SMB-DS veritas andx alter context attempt (netbios.rules)
 3755 - NETBIOS SMB-DS veritas andx bind attempt (netbios.rules)
 3756 - NETBIOS SMB-DS veritas bind attempt (netbios.rules)
 3757 - NETBIOS SMB-DS veritas little endian alter context attempt (netbios.rules)
 3758 - NETBIOS SMB-DS veritas little endian andx alter context attempt (netbios.rules)
 3759 - NETBIOS SMB-DS veritas little endian andx bind attempt (netbios.rules)
 3760 - NETBIOS SMB-DS veritas little endian bind attempt (netbios.rules)
 3761 - NETBIOS SMB-DS veritas unicode alter context attempt (netbios.rules)
 3762 - NETBIOS SMB-DS veritas unicode andx alter context attempt (netbios.rules)
 3763 - NETBIOS SMB-DS veritas unicode andx bind attempt (netbios.rules)
 3764 - NETBIOS SMB-DS veritas unicode bind attempt (netbios.rules)
 3765 - NETBIOS SMB-DS veritas unicode little endian alter context attempt (netbios.rules)
 3766 - NETBIOS SMB-DS veritas unicode little endian andx alter context attempt (netbios.rules)
 3767 - NETBIOS SMB-DS veritas unicode little endian andx bind attempt (netbios.rules)
 3768 - NETBIOS SMB-DS veritas unicode little endian bind attempt (netbios.rules)
 3769 - NETBIOS DCERPC NCACN-HTTP veritas alter context attempt (netbios.rules)
 3770 - NETBIOS DCERPC NCACN-HTTP veritas bind attempt (netbios.rules)
 3771 - NETBIOS DCERPC NCACN-HTTP veritas little endian alter context attempt (netbios.rules)
 3772 - NETBIOS DCERPC NCACN-HTTP veritas little endian bind attempt (netbios.rules)
 3773 - NETBIOS DCERPC DIRECT-UDP veritas alter context attempt (netbios.rules)
 3774 - NETBIOS DCERPC DIRECT-UDP veritas bind attempt (netbios.rules)
 3775 - NETBIOS DCERPC DIRECT-UDP veritas little endian alter context attempt (netbios.rules)
 3776 - NETBIOS DCERPC DIRECT-UDP veritas little endian bind attempt (netbios.rules)
 3777 - NETBIOS DCERPC NCADG-IP-UDP veritas alter context attempt (netbios.rules)
 3778 - NETBIOS DCERPC NCADG-IP-UDP veritas bind attempt (netbios.rules)
 3779 - NETBIOS DCERPC NCADG-IP-UDP veritas little endian alter context attempt (netbios.rules)
 3780 - NETBIOS DCERPC NCADG-IP-UDP veritas little endian bind attempt (netbios.rules)
 3781 - NETBIOS-DG SMB veritas WriteAndX alter context attempt (netbios.rules)
 3782 - NETBIOS-DG SMB veritas WriteAndX andx alter context attempt (netbios.rules)
 3783 - NETBIOS-DG SMB veritas WriteAndX andx bind attempt (netbios.rules)
 3784 - NETBIOS-DG SMB veritas WriteAndX bind attempt (netbios.rules)
 3785 - NETBIOS-DG SMB veritas WriteAndX little endian alter context attempt (netbios.rules)
 3786 - NETBIOS-DG SMB veritas WriteAndX little endian andx alter context attempt (netbios.rules)
 3787 - NETBIOS-DG SMB veritas WriteAndX little endian andx bind attempt (netbios.rules)
 3788 - NETBIOS-DG SMB veritas WriteAndX little endian bind attempt (netbios.rules)
 3789 - NETBIOS-DG SMB veritas WriteAndX unicode alter context attempt (netbios.rules)
 3790 - NETBIOS-DG SMB veritas WriteAndX unicode andx alter context attempt (netbios.rules)
 3791 - NETBIOS-DG SMB veritas WriteAndX unicode andx bind attempt (netbios.rules)
 3792 - NETBIOS-DG SMB veritas WriteAndX unicode bind attempt (netbios.rules)
 3793 - NETBIOS-DG SMB veritas WriteAndX unicode little endian alter context attempt (netbios.rules)
 3794 - NETBIOS-DG SMB veritas WriteAndX unicode little endian andx alter context attempt (netbios.rules)
 3795 - NETBIOS-DG SMB veritas WriteAndX unicode little endian andx bind attempt (netbios.rules)
 3796 - NETBIOS-DG SMB veritas WriteAndX unicode little endian bind attempt (netbios.rules)
 3797 - NETBIOS-DG SMB veritas alter context attempt (netbios.rules)
 3798 - NETBIOS-DG SMB veritas andx alter context attempt (netbios.rules)
 3799 - NETBIOS-DG SMB veritas andx bind attempt (netbios.rules)
 3800 - NETBIOS-DG SMB veritas bind attempt (netbios.rules)
 3801 - NETBIOS-DG SMB veritas little endian alter context attempt (netbios.rules)
 3802 - NETBIOS-DG SMB veritas little endian andx alter context attempt (netbios.rules)
 3803 - NETBIOS-DG SMB veritas little endian andx bind attempt (netbios.rules)
 3804 - NETBIOS-DG SMB veritas little endian bind attempt (netbios.rules)
 3805 - NETBIOS-DG SMB veritas unicode alter context attempt (netbios.rules)
 3806 - NETBIOS-DG SMB veritas unicode andx alter context attempt (netbios.rules)
 3807 - NETBIOS-DG SMB veritas unicode andx bind attempt (netbios.rules)
 3808 - NETBIOS-DG SMB veritas unicode bind attempt (netbios.rules)
 3809 - NETBIOS-DG SMB veritas unicode little endian alter context attempt (netbios.rules)
 3810 - NETBIOS-DG SMB veritas unicode little endian andx alter context attempt (netbios.rules)
 3811 - NETBIOS-DG SMB veritas unicode little endian andx bind attempt (netbios.rules)
 3812 - NETBIOS-DG SMB veritas unicode little endian bind attempt (netbios.rules)
 3813 - WEB-CGI awstats.pl configdir command execution attempt (web-cgi.rules)

Cheers
Matthew Watchinski
Director, Vulnerability Research
Sourcefire, Inc.




