[Snort-sigs] new rule for detect Novell Netmail WebAdmin Buffer Overflow Vulnerability

rmkml rmkml at ...324...
Wed Mar 7 15:52:26 EST 2007


Hi,

please check and maybe add this new rule :

web-misc.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 89 
(msg:"WEB-MISC Novell Netmail WebAdmin basic auth overflow attempt"; flow:to_server,established; 
content:"Authorization\: Basic "; nocase; isdataat:200,relative; content:!"|0A|"; 
within:200; reference:cve,2007-1350; classtype:attempted-recon; sid:91655; rev:1;)

Any suggestions and improvements are welcome,

Credits:
Crusoe Researches
http://www.Crusoe-Researches.com
contact at ...3281...

Azwalaro French nidps open source project
http://www.Crusoe-Researches.com/azwalaro/
azwalaro at ...3281...

Regards
Rmkml




More information about the Snort-sigs mailing list