[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Tue May 16 15:47:12 EDT 2006


This message is to announce the availability of an update for the 
Sourcefire community rule set, which can be downloaded free of cost or 
registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000301-100000309. 
This update includes rules which detect a format string attack against 
the McAfee WebShield product; access to a pair of vulnerable parameters 
in the Ipswitch Whatsup Professional web suite; and potential remote 
file inclusion attacks against several vulnerable script/parameter pairs 
in the Gphoto web photography system.

A list of modified rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000301 || COMMUNITY SMTP McAfee WebShield SMTP bounce message format string attempt
100000302 || COMMUNITY WEB-MISC DeviceSelection.asp sRedirectUrl parameter access
100000303 || COMMUNITY WEB-MISC DeviceSelection.asp sCancelURL parameter access
100000304 || COMMUNITY WEB-PHP Gphoto index.php rep parameter remote file include attempt
100000305 || COMMUNITY WEB-PHP Gphoto index.php image parameter remote file include attempt
100000306 || COMMUNITY WEB-PHP Gphoto diapho.php rep parameter remote file include attempt
100000307 || COMMUNITY WEB-PHP Gphoto diapho.php image parameter remote file include attempt
100000308 || COMMUNITY WEB-PHP Gphoto affich.php rep parameter remote file include attempt
100000309 || COMMUNITY WEB-PHP Gphoto affich.php image parameter remote file include attempt



