[Snort-sigs] Sourcefire VRT Certified Rules Update
research at ...435...
Wed May 24 12:21:02 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Sourcefire VRT Certified Rules Update
The Sourcefire VRT has learned of vulnerabilities affecting hosts using
RealVNC is a multi platform remote administration tool that allows
networked hosts to connect to other hosts or mobile devices. It has a
client-server architecture that requires the remote user to
authenticate on connection to a RealVNC server.
A programming error in the authentication mechanism for RealVNC may
allow an attacker to gain access to the host without supplying the
Rules to detect attacks against this vulnerability are included in this
rule pack and are identified as sids 6469 through 6471.
In response to continued feedback regarding the spyware-put rules, the
Sourcefire VRT is continuing to improve coverage provided by these
rules and the accuracy of detection. This rulepack contains
modifications to this set of rules.
6467 - CHAT jabber traffic detected (chat.rules)
6468 - CHAT jabber file transfer request (chat.rules)
6469 - EXPLOIT RealVNC connection attempt (exploit.rules)
6470 - EXPLOIT RealVNC authentication types sent attempt
6471 - EXPLOIT RealVNC password authentication bypass vulnerability
~ 108 - BACKDOOR QAZ Worm Client Login access (backdoor.rules)
6021 - BACKDOOR silent spy 2.10 command response port 4225
6022 - BACKDOOR silent spy 2.10 command response port 4226
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Snort-sigs