[Snort-sigs] new rule for detect Novell Netmail WebAdmin Buffer Overflow Vulnerability

Paul Gear paul at ...3292...
Thu Mar 15 22:54:35 EDT 2007


rmkml wrote:
> Hi,
> 
> please check and maybe add this new rule :
> 
> web-misc.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 89 
> (msg:"WEB-MISC Novell Netmail WebAdmin basic auth overflow attempt"; flow:to_server,established; 
> content:"Authorization\: Basic "; nocase; isdataat:200,relative; content:!"|0A|"; 
> within:200; reference:cve,2007-1350; classtype:attempted-recon; sid:91655; rev:1;)

Just out of curiosity, is there a corresponding SSL version of the
vulerability, or is it only the plain HTTP port that is affected?

-- 
Paul
<http://paulgear.webhop.net>
--
Did you know?  Linux is a completely free operating system that provides
a vast array of software "out of the box", and represents a viable
alternative to expensive proprietary software.  For more details, see:
http://consumer.hardocp.com/article.html?art=MTI5OCwxLCxoY29uc3VtZXI=

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20070316/935cfd8a/attachment.sig>


More information about the Snort-sigs mailing list