[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Fri Aug 18 15:54:39 EDT 2006


This message is to announce the availability of an update for the Sourcefire community rule set, which can be downloaded free of cost or registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000849-100000873. These rules cover SQL injection and remote file inclusion attacks against the IceWarp, ListMessenger, Professional Home Page Tools, Francisco Charrua Photo-Gallery, FlushCMS, PHPMyRing, powergap, CubeCart, and discloser 0.0.4 systems. Additionally, they detect access to a COM object which is vulnerable to memory corruption attacks. References for SIDs 100000227 and 100000229 were modified according to suggestions from "Gentoo Wally" on Snort-Sigs.

Sourcefire would like to thank urleet at ...2420... for submitting SIDs 100000864-100000873. As a reminder, anyone who wishes to submit rules may do so at http://www.snort.org/reg-bin/rulesubmit.cgi.

A list of modified rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000227 || COMMUNITY MISC SNMP trap Format String detected
100000229 || COMMUNITY MISC Lotus Domino LDAP attack
100000849 || COMMUNITY WEB-PHP IceWarp include.php remote file include
100000850 || COMMUNITY WEB-PHP IceWarp include.php remote file include
100000851 || COMMUNITY WEB-PHP IceWarp include.php remote file include
100000852 || COMMUNITY WEB-PHP IceWarp include.php remote file include
100000853 || COMMUNITY WEB-PHP IceWarp settings.html remote file include
100000854 || COMMUNITY WEB-PHP ListMessenger listmessenger.php remote file include
100000855 || COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt
100000856 || COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt
100000857 || COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt
100000858 || COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt
100000859 || COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt
100000860 || COMMUNITY WEB-PHP Francisco Charrua Photo-Gallery room.php SQL injection attempt
100000861 || COMMUNITY WEB-PHP FlushCMS class.rich.php remote file include
100000862 || COMMUNITY WEB-PHP FlushCMS class.rich.php remote file include
100000863 || COMMUNITY WEB-PHP PHPMyRing view_com.php SQL injection attempt
100000864 || COMMUNITY WEB-CLIENT tsuserex.dll COM Object Instantiation Vulnerability
100000865 || COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s01
100000866 || COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s02
100000867 || COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s03
100000868 || COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s04
100000869 || COMMUNITY WEB-PHP powergap remote file Inclusion Exploit sid variant
100000870 || COMMUNITY WEB-PHP powergap remote file inclusion exploit sid variant 2
100000871 || COMMUNITY WEB-PHP CubeCart XSS attack
100000872 || COMMUNITY WEB-PHP CubeCart XSS attack
100000873 || COMMUNITY WEB-PHP discloser 0.0.4 Remote File Inclusion




