[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Tue May 9 14:12:03 EDT 2006


This message is to announce the availability of an update for the 
Sourcefire community rule set, which can be downloaded free of cost or 
registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000285-100000300. 
This update includes rules which detect a remote file inclusion 
vulnerability in the ldap_var.inc.php file from the Dokeos knowledge 
management tool; unauthorized administrative access to the X-Poll 
software package; and access to multiple vulnerable pages in the 
Claroline web application.

A list of modified rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000285 || COMMUNITY WEB-PHP ldap_var.inc.php remote file include attempt
100000286 || COMMUNITY WEB-PHP X Poll admin access
100000287 || COMMUNITY WEB-PHP Claroline ldap.inc.php access
100000288 || COMMUNITY WEB-PHP Claroline atutor.inc.php access
100000289 || COMMUNITY WEB-PHP Claroline db-generic.inc.php access
100000290 || COMMUNITY WEB-PHP Claroline docebo.inc.php access
100000291 || COMMUNITY WEB-PHP Claroline dokeos.1.6.inc.php access
100000292 || COMMUNITY WEB-PHP Claroline dokeos.inc.php access
100000293 || COMMUNITY WEB-PHP Claroline ganesha.inc.php access
100000294 || COMMUNITY WEB-PHP Claroline mambo.inc.php access
100000295 || COMMUNITY WEB-PHP Claroline moodle.inc.php access
100000296 || COMMUNITY WEB-PHP Claroline phpnuke.inc.php access
100000297 || COMMUNITY WEB-PHP Claroline postnuke.inc.php access
100000298 || COMMUNITY WEB-PHP Claroline spip.inc.php access
100000299 || COMMUNITY WEB-PHP Claroline event/init_event_manager.inc.php access
100000300 || COMMUNITY WEB-PHP Claroline export_exe_tracking.class.php access



