[Snort-sigs] Sourcefire VRT Certified Rules Update

Sourcefire VRT research at ...435...
Thu Jun 15 15:30:56 EDT 2006


Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire VRT has learned of multiple vulnerabilities affecting
Microsoft Internet Explorer, Windows Media Player and the Microsoft
Operating System.


Details:
Microsoft Security Bulletin MS06-021
Internet Explorer does not correctly handle input to certain ActiveX
controls.  It is possible for an attacker to supply data of their
choosing to the DXImageTransform.Microsoft.Light ActiveX control and
execute code on the affected host.

Rules to detect attacks against this vulnerability are included in this
rule pack and are identified as sids 6516 through 6519 and 6680 through
6687.

Microsoft Security Bulletin MS06-024
Windows Media Player is vulnerable to a stack-based buffer overflow
condition that can be exploited by an attacker via a PNG image with a
large chunk size.

Rules to detect attacks against this vulnerability are included in this
rule pack and are identified as sids 6688 through 6701.
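
Added example, not part of the original announcement and not the logic of the Snort rules: a file-side check for the MS06-024 condition described above, walking PNG chunks and flagging any of the chunk types named in sids 6689 through 6701 whose declared length exceeds what the PNG specification allows. The size table follows the PNG specification; `POLICY_MAX` and the sample files are assumptions constructed for this example.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Largest data length the PNG specification permits for the bounded
# ancillary chunks named in sids 6689-6701.
SPEC_MAX = {b"cHRM": 32, b"sRGB": 1, b"pHYs": 9, b"tIME": 7,
            b"sBIT": 4, b"bKGD": 6, b"hIST": 512, b"tRNS": 256}
# The remaining named chunks are variable-length; this cap is a local
# policy choice (assumption), not a value from the announcement.
VARIABLE = {b"iCCP", b"sPLT", b"iTXt", b"tEXt", b"zTXt"}
POLICY_MAX = 64 * 1024


def scan_png(data):
    """Return a list of (offset, chunk_type, declared_length, reason)."""
    if not data.startswith(PNG_SIGNATURE):
        return [(0, "", 0, "not a PNG")]
    findings, pos = [], len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        name = ctype.decode("latin-1")
        if length > SPEC_MAX.get(ctype, 0x7FFFFFFF):
            findings.append((pos, name, length, "exceeds PNG spec size"))
        elif ctype in VARIABLE and length > POLICY_MAX:
            findings.append((pos, name, length, "exceeds policy cap"))
        end = pos + 8 + length + 4          # header + data + CRC
        if end > len(data):
            # Never trust the declared length to advance the cursor.
            findings.append((pos, name, length, "length runs past end of file"))
            break
        if ctype == b"IEND":
            break
        pos = end
    return findings


def chunk(ctype, body, declared=None):
    """Build one chunk; `declared` overrides the length field (test input)."""
    length = len(body) if declared is None else declared
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", length) + ctype + body + struct.pack(">I", crc)


# Constructed sample files (zero-filled bodies, no real image data).
IHDR = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
CLEAN = PNG_SIGNATURE + IHDR + chunk(b"pHYs", bytes(9)) + chunk(b"IEND", b"")
OVERSIZED = PNG_SIGNATURE + IHDR + chunk(b"tIME", bytes(300)) + chunk(b"IEND", b"")
TRUNCATED = PNG_SIGNATURE + IHDR + chunk(b"tEXt", b"k\x00v", declared=0x10000000)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("oversized", OVERSIZED),
                        ("truncated", TRUNCATED)):
        print(label, scan_png(blob))
```
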

Microsoft Security Bulletin MS06-025
Microsoft operating systems using Routing and Remote Access (RRAS) are
vulnerable to a memory corruption problem that may be exploited by
unauthenticated users. This may lead to code of the attacker's choosing
being run on an affected host.

Rules to detect attacks against this vulnerability are included in this
rule pack and are identified as sids 6584 through 6679.

Microsoft Security Bulletin MS06-032
The TCP/IP stack in Microsoft Windows systems is vulnerable to remote
code execution. The stack does not correctly process loose and strict
source routing packets, which may present an attacker with the
opportunity to execute code of their choosing on an affected system.

Rules to detect attacks against this vulnerability are already
available and are identified as sids 500 and 502.



New rules:
6513 - EXPLOIT Asterisk IAX2 truncated video mini-frame packet overflow
attempt (exploit.rules)
6514 - EXPLOIT Asterisk IAX2 truncated full-frame packet overflow
attempt (exploit.rules)
6515 - EXPLOIT Asterisk IAX2 truncated mini-frame packet overflow
attempt (exploit.rules)
6516 - WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX function
call access (web-client.rules)
6517 - WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX CLSID access
(web-client.rules)
6518 - WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX CLSID
unicode access (web-client.rules)
6519 - DELETED WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX
function call access (deleted.rules)
6520 - NETBIOS SMB rras alter context attempt (netbios.rules)
6521 - NETBIOS SMB rras unicode alter context attempt (netbios.rules)
6522 - NETBIOS SMB rras WriteAndX alter context attempt (netbios.rules)
6523 - NETBIOS SMB rras WriteAndX unicode alter context attempt
(netbios.rules)
6524 - NETBIOS SMB-DS rras alter context attempt (netbios.rules)
6525 - NETBIOS SMB-DS rras WriteAndX alter context attempt
(netbios.rules)
6526 - NETBIOS SMB-DS rras unicode alter context attempt
(netbios.rules)
6527 - NETBIOS SMB-DS rras WriteAndX unicode alter context attempt
(netbios.rules)
6528 - NETBIOS SMB rras little endian alter context attempt
(netbios.rules)
6529 - NETBIOS SMB rras WriteAndX little endian alter context attempt
(netbios.rules)
6530 - NETBIOS SMB rras unicode little endian alter context attempt
(netbios.rules)
6531 - NETBIOS SMB rras WriteAndX unicode little endian alter context
attempt (netbios.rules)
6532 - NETBIOS SMB-DS rras little endian alter context attempt
(netbios.rules)
6533 - NETBIOS SMB-DS rras WriteAndX little endian alter context
attempt (netbios.rules)
6534 - NETBIOS SMB-DS rras unicode little endian alter context attempt
(netbios.rules)
6535 - NETBIOS SMB-DS rras WriteAndX unicode little endian alter
context attempt (netbios.rules)
6536 - NETBIOS SMB rras bind attempt (netbios.rules)
6537 - NETBIOS SMB rras unicode bind attempt (netbios.rules)
6538 - NETBIOS SMB rras WriteAndX bind attempt (netbios.rules)
6539 - NETBIOS SMB rras WriteAndX unicode bind attempt (netbios.rules)
6540 - NETBIOS SMB-DS rras bind attempt (netbios.rules)
6541 - NETBIOS SMB-DS rras WriteAndX bind attempt (netbios.rules)
6542 - NETBIOS SMB-DS rras unicode bind attempt (netbios.rules)
6543 - NETBIOS SMB-DS rras WriteAndX unicode bind attempt
(netbios.rules)
6544 - NETBIOS SMB rras little endian bind attempt (netbios.rules)
6545 - NETBIOS SMB rras WriteAndX little endian bind attempt
(netbios.rules)
6546 - NETBIOS SMB rras unicode little endian bind attempt
(netbios.rules)
6547 - NETBIOS SMB rras WriteAndX unicode little endian bind attempt
(netbios.rules)
6548 - NETBIOS SMB-DS rras little endian bind attempt (netbios.rules)
6549 - NETBIOS SMB-DS rras WriteAndX little endian bind attempt
(netbios.rules)
6550 - NETBIOS SMB-DS rras unicode little endian bind attempt
(netbios.rules)
6551 - NETBIOS SMB-DS rras WriteAndX unicode little endian bind attempt
(netbios.rules)
6552 - NETBIOS SMB rras andx alter context attempt (netbios.rules)
6553 - NETBIOS SMB rras unicode andx alter context attempt
(netbios.rules)
6554 - NETBIOS SMB rras WriteAndX andx alter context attempt
(netbios.rules)
6555 - NETBIOS SMB rras WriteAndX unicode andx alter context attempt
(netbios.rules)
6556 - NETBIOS SMB-DS rras andx alter context attempt (netbios.rules)
6557 - NETBIOS SMB-DS rras WriteAndX andx alter context attempt
(netbios.rules)
6558 - NETBIOS SMB-DS rras unicode andx alter context attempt
(netbios.rules)
6559 - NETBIOS SMB-DS rras WriteAndX unicode andx alter context attempt
(netbios.rules)
6560 - NETBIOS SMB rras little endian andx alter context attempt
(netbios.rules)
6561 - NETBIOS SMB rras WriteAndX little endian andx alter context
attempt (netbios.rules)
6562 - NETBIOS SMB rras unicode little endian andx alter context
attempt (netbios.rules)
6563 - NETBIOS SMB rras WriteAndX unicode little endian andx alter
context attempt (netbios.rules)
6564 - NETBIOS SMB-DS rras little endian andx alter context attempt
(netbios.rules)
6565 - NETBIOS SMB-DS rras WriteAndX little endian andx alter context
attempt (netbios.rules)
6566 - NETBIOS SMB-DS rras unicode little endian andx alter context
attempt (netbios.rules)
6567 - NETBIOS SMB-DS rras WriteAndX unicode little endian andx alter
context attempt (netbios.rules)
6568 - NETBIOS SMB rras andx bind attempt (netbios.rules)
6569 - NETBIOS SMB rras unicode andx bind attempt (netbios.rules)
6570 - NETBIOS SMB rras WriteAndX andx bind attempt (netbios.rules)
6571 - NETBIOS SMB rras WriteAndX unicode andx bind attempt
(netbios.rules)
6572 - NETBIOS SMB-DS rras andx bind attempt (netbios.rules)
6573 - NETBIOS SMB-DS rras WriteAndX andx bind attempt (netbios.rules)
6574 - NETBIOS SMB-DS rras unicode andx bind attempt (netbios.rules)
6575 - NETBIOS SMB-DS rras WriteAndX unicode andx bind attempt
(netbios.rules)
6576 - NETBIOS SMB rras little endian andx bind attempt (netbios.rules)
6577 - NETBIOS SMB rras WriteAndX little endian andx bind attempt
(netbios.rules)
6578 - NETBIOS SMB rras unicode little endian andx bind attempt
(netbios.rules)
6579 - NETBIOS SMB rras WriteAndX unicode little endian andx bind
attempt (netbios.rules)
6580 - NETBIOS SMB-DS rras little endian andx bind attempt
(netbios.rules)
6581 - NETBIOS SMB-DS rras WriteAndX little endian andx bind attempt
(netbios.rules)
6582 - NETBIOS SMB-DS rras unicode little endian andx bind attempt
(netbios.rules)
6583 - NETBIOS SMB-DS rras WriteAndX unicode little endian andx bind
attempt (netbios.rules)
6584 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest little endian
overflow attempt (netbios.rules)
6585 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX little endian
overflow attempt (netbios.rules)
6586 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode
overflow attempt (netbios.rules)
6587 - NETBIOS SMB v4 rras RasRpcSubmitRequest unicode little endian
overflow attempt (netbios.rules)
6588 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX little
endian overflow attempt (netbios.rules)
6589 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX unicode little
endian overflow attempt (netbios.rules)
6590 - NETBIOS SMB rras RasRpcSubmitRequest overflow attempt
(netbios.rules)
6591 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX overflow
attempt (netbios.rules)
6592 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode overflow
attempt (netbios.rules)
6593 - NETBIOS SMB rras RasRpcSubmitRequest unicode overflow attempt
(netbios.rules)
6594 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode overflow attempt
(netbios.rules)
6595 - NETBIOS SMB v4 rras RasRpcSubmitRequest overflow attempt
(netbios.rules)
6596 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX overflow
attempt (netbios.rules)
6597 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest unicode little endian
overflow attempt (netbios.rules)
6598 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX unicode
overflow attempt (netbios.rules)
6599 - NETBIOS SMB v4 rras RasRpcSubmitRequest unicode overflow attempt
(netbios.rules)
6600 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest unicode overflow
attempt (netbios.rules)
6601 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest overflow attempt
(netbios.rules)
6602 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX overflow
attempt (netbios.rules)
6603 - NETBIOS SMB-DS rras RasRpcSubmitRequest little endian overflow
attempt (netbios.rules)
6604 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode little
endian overflow attempt (netbios.rules)
6605 - NETBIOS SMB rras RasRpcSubmitRequest little endian overflow
attempt (netbios.rules)
6606 - NETBIOS SMB v4 rras RasRpcSubmitRequest little endian overflow
attempt (netbios.rules)
6607 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode little
endian overflow attempt (netbios.rules)
6608 - NETBIOS SMB-DS rras RasRpcSubmitRequest little endian object
call overflow attempt (netbios.rules)
6609 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode little
endian object call overflow attempt (netbios.rules)
6610 - NETBIOS SMB rras RasRpcSubmitRequest little endian object call
overflow attempt (netbios.rules)
6611 - NETBIOS SMB-DS rras RasRpcSubmitRequest overflow attempt
(netbios.rules)
6612 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX overflow attempt
(netbios.rules)
6613 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode
overflow attempt (netbios.rules)
6614 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX little endian
overflow attempt (netbios.rules)
6615 - NETBIOS SMB rras RasRpcSubmitRequest unicode little endian
overflow attempt (netbios.rules)
6616 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode little endian
overflow attempt (netbios.rules)
6617 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX little endian
overflow attempt (netbios.rules)
6618 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode
little endian overflow attempt (netbios.rules)
6619 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode little
endian object call overflow attempt (netbios.rules)
6620 - NETBIOS SMB rras RasRpcSubmitRequest object call overflow
attempt (netbios.rules)
6621 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX object call
overflow attempt (netbios.rules)
6622 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode object
call overflow attempt (netbios.rules)
6623 - NETBIOS SMB rras RasRpcSubmitRequest unicode object call
overflow attempt (netbios.rules)
6624 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode object call
overflow attempt (netbios.rules)
6625 - NETBIOS SMB-DS rras RasRpcSubmitRequest object call overflow
attempt (netbios.rules)
6626 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX object call
overflow attempt (netbios.rules)
6627 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode object
call overflow attempt (netbios.rules)
6628 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX little endian
object call overflow attempt (netbios.rules)
6629 - NETBIOS SMB rras RasRpcSubmitRequest unicode little endian
object call overflow attempt (netbios.rules)
6630 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode little endian
object call overflow attempt (netbios.rules)
6631 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX little endian
object call overflow attempt (netbios.rules)
6632 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest little endian andx
overflow attempt (netbios.rules)
6633 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX little endian
andx overflow attempt (netbios.rules)
6634 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode
andx overflow attempt (netbios.rules)
6635 - NETBIOS SMB v4 rras RasRpcSubmitRequest unicode little endian
andx overflow attempt (netbios.rules)
6636 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX little
endian andx overflow attempt (netbios.rules)
6637 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX unicode little
endian andx overflow attempt (netbios.rules)
6638 - NETBIOS SMB rras RasRpcSubmitRequest andx overflow attempt
(netbios.rules)
6639 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX andx overflow
attempt (netbios.rules)
6640 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode andx
overflow attempt (netbios.rules)
6641 - NETBIOS SMB rras RasRpcSubmitRequest unicode andx overflow
attempt (netbios.rules)
6642 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode andx overflow
attempt (netbios.rules)
6643 - NETBIOS SMB v4 rras RasRpcSubmitRequest andx overflow attempt
(netbios.rules)
6644 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX andx
overflow attempt (netbios.rules)
6645 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest unicode little endian
andx overflow attempt (netbios.rules)
6646 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX unicode andx
overflow attempt (netbios.rules)
6647 - NETBIOS SMB v4 rras RasRpcSubmitRequest unicode andx overflow
attempt (netbios.rules)
6648 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest unicode andx overflow
attempt (netbios.rules)
6649 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest andx overflow attempt
(netbios.rules)
6650 - NETBIOS SMB v4 rras RasRpcSubmitRequest WriteAndX andx overflow
attempt (netbios.rules)
6651 - NETBIOS SMB-DS rras RasRpcSubmitRequest little endian andx
overflow attempt (netbios.rules)
6652 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode little
endian andx overflow attempt (netbios.rules)
6653 - NETBIOS SMB rras RasRpcSubmitRequest little endian andx overflow
attempt (netbios.rules)
6654 - NETBIOS SMB v4 rras RasRpcSubmitRequest little endian andx
overflow attempt (netbios.rules)
6655 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode little
endian andx overflow attempt (netbios.rules)
6656 - NETBIOS SMB-DS rras RasRpcSubmitRequest little endian andx
object call overflow attempt (netbios.rules)
6657 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode little
endian andx object call overflow attempt (netbios.rules)
6658 - NETBIOS SMB rras RasRpcSubmitRequest little endian andx object
call overflow attempt (netbios.rules)
6659 - NETBIOS SMB-DS rras RasRpcSubmitRequest andx overflow attempt
(netbios.rules)
6660 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX andx overflow
attempt (netbios.rules)
6661 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode andx
overflow attempt (netbios.rules)
6662 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX little endian
andx overflow attempt (netbios.rules)
6663 - NETBIOS SMB rras RasRpcSubmitRequest unicode little endian andx
overflow attempt (netbios.rules)
6664 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode little endian
andx overflow attempt (netbios.rules)
6665 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX little endian
andx overflow attempt (netbios.rules)
6666 - NETBIOS SMB-DS v4 rras RasRpcSubmitRequest WriteAndX unicode
little endian andx overflow attempt (netbios.rules)
6667 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode little
endian andx object call overflow attempt (netbios.rules)
6668 - NETBIOS SMB rras RasRpcSubmitRequest andx object call overflow
attempt (netbios.rules)
6669 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX andx object
call overflow attempt (netbios.rules)
6670 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX unicode andx
object call overflow attempt (netbios.rules)
6671 - NETBIOS SMB rras RasRpcSubmitRequest unicode andx object call
overflow attempt (netbios.rules)
6672 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode andx object call
overflow attempt (netbios.rules)
6673 - NETBIOS SMB-DS rras RasRpcSubmitRequest andx object call
overflow attempt (netbios.rules)
6674 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX andx object call
overflow attempt (netbios.rules)
6675 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX unicode andx
object call overflow attempt (netbios.rules)
6676 - NETBIOS SMB-DS rras RasRpcSubmitRequest WriteAndX little endian
andx object call overflow attempt (netbios.rules)
6677 - NETBIOS SMB rras RasRpcSubmitRequest unicode little endian andx
object call overflow attempt (netbios.rules)
6678 - NETBIOS SMB-DS rras RasRpcSubmitRequest unicode little endian
andx object call overflow attempt (netbios.rules)
6679 - NETBIOS SMB rras RasRpcSubmitRequest WriteAndX little endian
andx object call overflow attempt (netbios.rules)
6680 - WEB-CLIENT Windows Media Transform Effects ActiveX CLSID unicode
access (web-client.rules)
6681 - WEB-CLIENT Windows Media Transform Effects ActiveX CLSID access
(web-client.rules)
6682 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect2Inputs
ActiveX function call access (web-client.rules)
6683 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect1Input
ActiveX CLSID unicode access (web-client.rules)
6684 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect1Input
ActiveX CLSID access (web-client.rules)
6685 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect2Inputs
ActiveX CLSID unicode access (web-client.rules)
6686 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect2Inputs
ActiveX CLSID access (web-client.rules)
6687 - WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect1Input
ActiveX function call access (web-client.rules)
6688 - WEB-CLIENT PNG file transfer (web-client.rules)
6689 - WEB-CLIENT Malformed PNG detected cHRM overflow attempt
(web-client.rules)
6690 - WEB-CLIENT Malformed PNG detected iCCP overflow attempt
(web-client.rules)
6691 - WEB-CLIENT Malformed PNG detected sBIT overflow attempt
(web-client.rules)
6692 - WEB-CLIENT Malformed PNG detected sRGB overflow attempt
(web-client.rules)
6693 - WEB-CLIENT Malformed PNG detected bKGD overflow attempt
(web-client.rules)
6694 - WEB-CLIENT Malformed PNG detected hIST overflow attempt
(web-client.rules)
6695 - WEB-CLIENT Malformed PNG detected tRNS overflow attempt
(web-client.rules)
6696 - WEB-CLIENT Malformed PNG detected pHYs overflow attempt
(web-client.rules)
6697 - WEB-CLIENT Malformed PNG detected sPLT overflow attempt
(web-client.rules)
6698 - WEB-CLIENT Malformed PNG detected tIME overflow attempt
(web-client.rules)
6699 - WEB-CLIENT Malformed PNG detected iTXt overflow attempt
(web-client.rules)
6700 - WEB-CLIENT Malformed PNG detected tEXt overflow attempt
(web-client.rules)
6701 - WEB-CLIENT Malformed PNG detected zTXt overflow attempt
(web-client.rules)

Updated rules:
3628 - POLICY Data Rescue IDA Pro startup license check attempt
(policy.rules)
5913 - SPYWARE-PUT Trickler smasoft webdownloader runtime detection
(spyware-put.rules)



