[Snort-sigs] new rule for detect Novell Netmail WebAdmin Buffer Overflow Vulnerability
paul at ...3292...
Thu Mar 15 22:54:35 EDT 2007
> please check and maybe add this new rule :
> web-misc.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 89
> (msg:"WEB-MISC Novell Netmail WebAdmin basic auth overflow attempt"; flow:to_server,established;
> content:"Authorization\: Basic "; nocase; isdataat:200,relative; content:!"|0A|";
> within:200; reference:cve,2007-1350; classtype:attempted-recon; sid:91655; rev:1;)
Just out of curiosity, is there a corresponding SSL version of the
vulerability, or is it only the plain HTTP port that is affected?
Did you know? Linux is a completely free operating system that provides
a vast array of software "out of the box", and represents a viable
alternative to expensive proprietary software. For more details, see:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 252 bytes
Desc: OpenPGP digital signature
More information about the Snort-sigs