[Snort-sigs] [Emerging-Sigs] Emerging Threats Weekly Signature Changes

Jackie Lai gclai at ...3345...
Mon Feb 25 05:04:59 EST 2008


>  207873 - ET WEB WinIPDS Directory Traversal Vulnerabilities POST 
> (bleeding-web.rules)

The SID seems to be a typo error? I think it should be 2007873.

========================
Jackie Lai, CISSP
mailto: gclai [at] draytek [dot] com
========================
----- Original Message ----- 
???: <emerging at ...3335...>
???: <snort-sigs at lists.sourceforge.net>; <emerging-sigs at ...3335...>
????: 2008?2?24? ?? 08:00
??: [Emerging-Sigs] Emerging Threats Weekly Signature Changes


>
> [***] Results from Oinkmaster started Sat Feb 23 19:00:09 2008 [***]
>
> [+++]          Added rules:          [+++]
>
>  207873 - ET WEB WinIPDS Directory Traversal Vulnerabilities POST 
> (bleeding-web.rules)
> 2007855 - ET MALWARE OneStepSearch Host Activity (bleeding-malware.rules)
> 2007856 - ET MALWARE System-defender.com Fake AV Install Checkin 
> (bleeding-malware.rules)
> 2007858 - ET TROJAN Delf Keylog FTP Upload (bleeding-virus.rules)
> 2007859 - ET MALWARE Suspicious User Agent - Possible Trojan Downloader 
> (microsoft) (bleeding-malware.rules)
> 2007860 - ET MALWARE Suspicious User Agent - Possible Trojan Downloader 
> (Internet Explorer 6.0) (bleeding-malware.rules)
> 2007861 - ET MALWARE Softcashier.com Spyware Install Checkin 
> (bleeding-malware.rules)
> 2007862 - ET TROJAN LDPinch Checkin (3) (bleeding-virus.rules)
> 2007863 - ET TROJAN Banload HTTP Checkin (bleeding-virus.rules)
> 2007864 - ET TROJAN Banload HTTP Checkin Detected (bleeding-virus.rules)
> 2007865 - ET MALWARE Winreanimator.com Fake AV Install Attempt 
> (bleeding-malware.rules)
> 2007866 - ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via HTTP 
> (bleeding-virus.rules)
> 2007867 - ET TROJAN Delf HTTP Post Checkin (1) (bleeding-virus.rules)
> 2007868 - ET MALWARE Suspicious User Agent - Possible Trojan Downloader 
> (Firefox) (bleeding-malware.rules)
> 2007869 - ET MALWARE Vombanetwork Spyware User Agent 
> (VombaProductsInstaller) (bleeding-malware.rules)
> 2007870 - ET MALWARE Vombanetworks.com Spyware Installer Checkin 
> (bleeding-malware.rules)
> 2007871 - ET WEB Philips VOIP841 Web Server Directory Traversal 
> (bleeding-web.rules)
> 2007872 - ET WEB WinIPDS Directory Traversal Vulnerabilities GET 
> (bleeding-web.rules)
> 2007874 - ET EXPLOIT Now SMS/MMS Gateway HTTP BOF Vulnerability 
> (bleeding-exploit.rules)
> 2007875 - ET EXPLOIT Now SMS/MMS Gateway SMPP BOF Vulnerability 
> (bleeding-exploit.rules)
> 2007876 - ET EXPLOIT ExtremeZ-IP File and Print Server Multiple 
> Vulnerabilities - udp (bleeding-exploit.rules)
> 2007877 - ET EXPLOIT ExtremeZ-IP File and Print Server Multiple 
> Vulnerabilities - tcp (bleeding-exploit.rules)
> 2007878 - ET WEB Apple QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote 
> Stack Overflow (bleeding-web.rules)
> 2007879 - ET EXPLOIT Cyan Soft Products Format String Vulnerability 
> (bleeding-exploit.rules)
>
>
> [///]     Modified active rules:     [///]
>
> 2002157 - ET POLICY Skype User-Agent detected (bleeding-policy.rules)
> 2003070 - ET WORM Korgo.U Reporting (bleeding-virus.rules)
> 2003330 - ET POLICY Possible Spambot -- Host DNS MX Query High Count 
> (bleeding-policy.rules)
> 2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound 
> (bleeding-drop.rules)
> 2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound 
> (bleeding-drop.rules)
> 2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound 
> (bleeding-drop.rules)
> 2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound 
> (bleeding-drop.rules)
> 2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound 
> (bleeding-drop.rules)
> 2401000 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE 
> (bleeding-drop-BLOCK.rules)
> 2401001 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE 
> (bleeding-drop-BLOCK.rules)
> 2401002 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE 
> (bleeding-drop-BLOCK.rules)
> 2401003 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE 
> (bleeding-drop-BLOCK.rules)
> 2401004 - ET DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE 
> (bleeding-drop-BLOCK.rules)
> 2402000 - ET DROP Dshield Block Listed Source (bleeding-dshield.rules)
> 2403000 - ET DROP Dshield Block Listed Source - BLOCKING 
> (bleeding-dshield-BLOCK.rules)
> 2404000 - ET DROP Known Bot C&C Server Traffic (group 1) 
> (bleeding-botcc.rules)
> 2404001 - ET DROP Known Bot C&C Server Traffic (group 2) 
> (bleeding-botcc.rules)
> 2404002 - ET DROP Known Bot C&C Server Traffic (group 3) 
> (bleeding-botcc.rules)
> 2404003 - ET DROP Known Bot C&C Server Traffic (group 4) 
> (bleeding-botcc.rules)
> 2404004 - ET DROP Known Bot C&C Server Traffic (group 5) 
> (bleeding-botcc.rules)
> 2404005 - ET DROP Known Bot C&C Server Traffic (group 6) 
> (bleeding-botcc.rules)
> 2404006 - ET DROP Known Bot C&C Server Traffic (group 7) 
> (bleeding-botcc.rules)
> 2404007 - ET DROP Known Bot C&C Server Traffic (group 8) 
> (bleeding-botcc.rules)
> 2404008 - ET DROP Known Bot C&C Server Traffic (group 9) 
> (bleeding-botcc.rules)
> 2404009 - ET DROP Known Bot C&C Server Traffic (group 10) 
> (bleeding-botcc.rules)
> 2404010 - ET DROP Known Bot C&C Server Traffic (group 11) 
> (bleeding-botcc.rules)
> 2404011 - ET DROP Known Bot C&C Server Traffic (group 12) 
> (bleeding-botcc.rules)
> 2404012 - ET DROP Known Bot C&C Server Traffic (group 13) 
> (bleeding-botcc.rules)
> 2404013 - ET DROP Known Bot C&C Server Traffic (group 14) 
> (bleeding-botcc.rules)
> 2404014 - ET DROP Known Bot C&C Server Traffic (group 15) 
> (bleeding-botcc.rules)
> 2404015 - ET DROP Known Bot C&C Server Traffic (group 16) 
> (bleeding-botcc.rules)
> 2404016 - ET DROP Known Bot C&C Server Traffic (group 17) 
> (bleeding-botcc.rules)
> 2404017 - ET DROP Known Bot C&C Server Traffic (group 18) 
> (bleeding-botcc.rules)
> 2405000 - ET DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405001 - ET DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405002 - ET DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405003 - ET DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405004 - ET DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405005 - ET DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405006 - ET DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405007 - ET DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405008 - ET DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405009 - ET DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405010 - ET DROP Known Bot C&C Traffic (group 11) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405011 - ET DROP Known Bot C&C Traffic (group 12) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405012 - ET DROP Known Bot C&C Traffic (group 13) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405013 - ET DROP Known Bot C&C Traffic (group 14) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405014 - ET DROP Known Bot C&C Traffic (group 15) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405015 - ET DROP Known Bot C&C Traffic (group 16) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405016 - ET DROP Known Bot C&C Traffic (group 17) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2405017 - ET DROP Known Bot C&C Traffic (group 18) - BLOCKING SOURCE 
> (bleeding-botcc-BLOCK.rules)
> 2406005 - ET RBN Known Russian Business Network Monitored Domains (1) 
> (bleeding-rbn.rules)
> 2406006 - ET RBN Known Russian Business Network Monitored Domains (2) 
> (bleeding-rbn.rules)
> 2406007 - ET RBN Known Russian Business Network Monitored Domains (3) 
> (bleeding-rbn.rules)
> 2406008 - ET RBN Known Russian Business Network Monitored Domains (4) 
> (bleeding-rbn.rules)
> 2406009 - ET RBN Known Russian Business Network Monitored Domains (5) 
> (bleeding-rbn.rules)
> 2406010 - ET RBN Known Russian Business Network Monitored Domains (6) 
> (bleeding-rbn.rules)
> 2406011 - ET RBN Known Russian Business Network Monitored Domains (7) 
> (bleeding-rbn.rules)
> 2406012 - ET RBN Known Russian Business Network Monitored Domains (8) 
> (bleeding-rbn.rules)
> 2406013 - ET RBN Known Russian Business Network Monitored Domains (9) 
> (bleeding-rbn.rules)
> 2406014 - ET RBN Known Russian Business Network Monitored Domains (10) 
> (bleeding-rbn.rules)
> 2406015 - ET RBN Known Russian Business Network Monitored Domains (11) 
> (bleeding-rbn.rules)
> 2406016 - ET RBN Known Russian Business Network Monitored Domains (12) 
> (bleeding-rbn.rules)
> 2406017 - ET RBN Known Russian Business Network Monitored Domains (13) 
> (bleeding-rbn.rules)
> 2406018 - ET RBN Known Russian Business Network Monitored Domains (14) 
> (bleeding-rbn.rules)
> 2406019 - ET RBN Known Russian Business Network Monitored Domains (15) 
> (bleeding-rbn.rules)
> 2406020 - ET RBN Known Russian Business Network Monitored Domains (16) 
> (bleeding-rbn.rules)
> 2406021 - ET RBN Known Russian Business Network Monitored Domains (17) 
> (bleeding-rbn.rules)
> 2406022 - ET RBN Known Russian Business Network Monitored Domains (18) 
> (bleeding-rbn.rules)
> 2406023 - ET RBN Known Russian Business Network Monitored Domains (19) 
> (bleeding-rbn.rules)
> 2406024 - ET RBN Known Russian Business Network Monitored Domains (20) 
> (bleeding-rbn.rules)
> 2406025 - ET RBN Known Russian Business Network Monitored Domains (21) 
> (bleeding-rbn.rules)
> 2406026 - ET RBN Known Russian Business Network Monitored Domains (22) 
> (bleeding-rbn.rules)
> 2406027 - ET RBN Known Russian Business Network Monitored Domains (23) 
> (bleeding-rbn.rules)
> 2406028 - ET RBN Known Russian Business Network Monitored Domains (24) 
> (bleeding-rbn.rules)
> 2406029 - ET RBN Known Russian Business Network Monitored Domains (25) 
> (bleeding-rbn.rules)
> 2406030 - ET RBN Known Russian Business Network Monitored Domains (26) 
> (bleeding-rbn.rules)
> 2406031 - ET RBN Known Russian Business Network Monitored Domains (27) 
> (bleeding-rbn.rules)
> 2406032 - ET RBN Known Russian Business Network Monitored Domains (28) 
> (bleeding-rbn.rules)
> 2406033 - ET RBN Known Russian Business Network Monitored Domains (29) 
> (bleeding-rbn.rules)
> 2406034 - ET RBN Known Russian Business Network Monitored Domains (30) 
> (bleeding-rbn.rules)
> 2407005 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (1) (bleeding-rbn-BLOCK.rules)
> 2407006 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (2) (bleeding-rbn-BLOCK.rules)
> 2407007 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (3) (bleeding-rbn-BLOCK.rules)
> 2407008 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (4) (bleeding-rbn-BLOCK.rules)
> 2407009 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (5) (bleeding-rbn-BLOCK.rules)
> 2407010 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (6) (bleeding-rbn-BLOCK.rules)
> 2407011 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (7) (bleeding-rbn-BLOCK.rules)
> 2407012 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (8) (bleeding-rbn-BLOCK.rules)
> 2407013 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (9) (bleeding-rbn-BLOCK.rules)
> 2407014 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (10) (bleeding-rbn-BLOCK.rules)
> 2407015 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (11) (bleeding-rbn-BLOCK.rules)
> 2407016 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (12) (bleeding-rbn-BLOCK.rules)
> 2407017 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (13) (bleeding-rbn-BLOCK.rules)
> 2407018 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (14) (bleeding-rbn-BLOCK.rules)
> 2407019 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (15) (bleeding-rbn-BLOCK.rules)
> 2407020 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (16) (bleeding-rbn-BLOCK.rules)
> 2407021 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (17) (bleeding-rbn-BLOCK.rules)
> 2407022 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (18) (bleeding-rbn-BLOCK.rules)
> 2407023 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (19) (bleeding-rbn-BLOCK.rules)
> 2407024 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (20) (bleeding-rbn-BLOCK.rules)
> 2407025 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (21) (bleeding-rbn-BLOCK.rules)
> 2407026 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (22) (bleeding-rbn-BLOCK.rules)
> 2407027 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (23) (bleeding-rbn-BLOCK.rules)
> 2407028 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (24) (bleeding-rbn-BLOCK.rules)
> 2407029 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (25) (bleeding-rbn-BLOCK.rules)
> 2407030 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (26) (bleeding-rbn-BLOCK.rules)
> 2407031 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (27) (bleeding-rbn-BLOCK.rules)
> 2407032 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (28) (bleeding-rbn-BLOCK.rules)
> 2407033 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (29) (bleeding-rbn-BLOCK.rules)
> 2407034 - ET RBN Known Russian Business Network Monitored Domains - 
> BLOCKING (30) (bleeding-rbn-BLOCK.rules)
>
>
> [+++]      Added non-rule lines:     [+++]
>
>     -> Added to bleeding-drop-BLOCK.rules (2):
>        #  VERSION 1066
>        #  Generated 2008-02-22 01:03:00 EDT
>
>     -> Added to bleeding-drop.rules (2):
>        #  VERSION 1066
>        #  Generated 2008-02-22 01:03:00 EDT
>
>     -> Added to bleeding-exploit.rules (3):
>        #by Akash Mahajan
>        #by Akash Mahajan
>        #by Akash Mahajan
>
>     -> Added to bleeding-malware.rules (2):
>        #by Will Metcalf
>        #fake av, sig by matt jonkman
>
>     -> Added to bleeding-rbn-BLOCK.rules (2):
>        #  VERSION 36
>        #  Updated 2008-02-21 10:21:51
>
>     -> Added to bleeding-rbn.rules (2):
>        #  VERSION 36
>        #  Updated 2008-02-21 10:21:51
>
>     -> Added to bleeding-sid-msg.map (24):
>        207873 || ET WEB WinIPDS Directory Traversal Vulnerabilities POST 
> || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
>        2007855 || ET MALWARE OneStepSearch Host Activity
>        2007856 || ET MALWARE System-defender.com Fake AV Install Checkin 
> || url,www.system-defender.com
>        2007858 || ET TROJAN Delf Keylog FTP Upload
>        2007859 || ET MALWARE Suspicious User Agent - Possible Trojan 
> Downloader (microsoft)
>        2007860 || ET MALWARE Suspicious User Agent - Possible Trojan 
> Downloader (Internet Explorer 6.0)
>        2007861 || ET MALWARE Softcashier.com Spyware Install Checkin
>        2007862 || ET TROJAN LDPinch Checkin (3)
>        2007863 || ET TROJAN Banload HTTP Checkin
>        2007864 || ET TROJAN Banload HTTP Checkin Detected
>        2007865 || ET MALWARE Winreanimator.com Fake AV Install Attempt || 
> url,www.winreanimator.com
>        2007866 || ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via HTTP
>        2007867 || ET TROJAN Delf HTTP Post Checkin (1)
>        2007868 || ET MALWARE Suspicious User Agent - Possible Trojan 
> Downloader (Firefox)
>        2007869 || ET MALWARE Vombanetwork Spyware User Agent 
> (VombaProductsInstaller)
>        2007870 || ET MALWARE Vombanetworks.com Spyware Installer Checkin
>        2007871 || ET WEB Philips VOIP841 Web Server Directory Traversal || 
> bugtraq,27790 || url,www.milw0rm.com/exploits/5113
>        2007872 || ET WEB WinIPDS Directory Traversal Vulnerabilities GET 
> || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
>        2007874 || ET EXPLOIT Now SMS/MMS Gateway HTTP BOF Vulnerability || 
> url,aluigi.altervista.org/adv/nowsmsz-adv.txt || bugtraq,27896
>        2007875 || ET EXPLOIT Now SMS/MMS Gateway SMPP BOF Vulnerability || 
> url,aluigi.altervista.org/adv/nowsmsz-adv.txt || bugtraq,27896
>        2007876 || ET EXPLOIT ExtremeZ-IP File and Print Server Multiple 
> Vulnerabilities - udp || cve,CVE-2008-0767 || 
> url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
>        2007877 || ET EXPLOIT ExtremeZ-IP File and Print Server Multiple 
> Vulnerabilities - tcp || cve,CVE-2008-0759 || 
> url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
>        2007878 || ET WEB Apple QuickTime <= 7.4.1 QTPlugin.ocx Multiple 
> Remote Stack Overflow || url,www.milw0rm.com/exploits/5110 || 
> cve,CVE-2008-0778 || bugtraq,27769
>        2007879 || ET EXPLOIT Cyan Soft Products Format String 
> Vulnerability || url,aluigi.altervista.org/adv/cyanuro-adv.txt || 
> bugtraq,27728 || cve,CVE-2008-0755
>
>     -> Added to bleeding-sid-msg.map.txt (24):
>        207873 || ET WEB WinIPDS Directory Traversal Vulnerabilities POST 
> || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
>        2007855 || ET MALWARE OneStepSearch Host Activity
>        2007856 || ET MALWARE System-defender.com Fake AV Install Checkin 
> || url,www.system-defender.com
>        2007858 || ET TROJAN Delf Keylog FTP Upload
>        2007859 || ET MALWARE Suspicious User Agent - Possible Trojan 
> Downloader (microsoft)
>        2007860 || ET MALWARE Suspicious User Agent - Possible Trojan 
> Downloader (Internet Explorer 6.0)
>        2007861 || ET MALWARE Softcashier.com Spyware Install Checkin
>        2007862 || ET TROJAN LDPinch Checkin (3)
>        2007863 || ET TROJAN Banload HTTP Checkin
>        2007864 || ET TROJAN Banload HTTP Checkin Detected
>        2007865 || ET MALWARE Winreanimator.com Fake AV Install Attempt || 
> url,www.winreanimator.com
>        2007866 || ET TROJAN Gadu-Gadu.pl Related Trojan Reporting via HTTP
>        2007867 || ET TROJAN Delf HTTP Post Checkin (1)
>        2007868 || ET MALWARE Suspicious User Agent - Possible Trojan 
> Downloader (Firefox)
>        2007869 || ET MALWARE Vombanetwork Spyware User Agent 
> (VombaProductsInstaller)
>        2007870 || ET MALWARE Vombanetworks.com Spyware Installer Checkin
>        2007871 || ET WEB Philips VOIP841 Web Server Directory Traversal || 
> bugtraq,27790 || url,www.milw0rm.com/exploits/5113
>        2007872 || ET WEB WinIPDS Directory Traversal Vulnerabilities GET 
> || bugtraq,27757 || url,aluigi.altervista.org/adv/winipds-adv.txt
>        2007874 || ET EXPLOIT Now SMS/MMS Gateway HTTP BOF Vulnerability || 
> url,aluigi.altervista.org/adv/nowsmsz-adv.txt || bugtraq,27896
>        2007875 || ET EXPLOIT Now SMS/MMS Gateway SMPP BOF Vulnerability || 
> url,aluigi.altervista.org/adv/nowsmsz-adv.txt || bugtraq,27896
>        2007876 || ET EXPLOIT ExtremeZ-IP File and Print Server Multiple 
> Vulnerabilities - udp || cve,CVE-2008-0767 || 
> url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
>        2007877 || ET EXPLOIT ExtremeZ-IP File and Print Server Multiple 
> Vulnerabilities - tcp || cve,CVE-2008-0759 || 
> url,aluigi.altervista.org/adv/ezipirla-adv.txt || bugtraq,27718
>        2007878 || ET WEB Apple QuickTime <= 7.4.1 QTPlugin.ocx Multiple 
> Remote Stack Overflow || url,www.milw0rm.com/exploits/5110 || 
> cve,CVE-2008-0778 || bugtraq,27769
>        2007879 || ET EXPLOIT Cyan Soft Products Format String 
> Vulnerability || url,aluigi.altervista.org/adv/cyanuro-adv.txt || 
> bugtraq,27728 || cve,CVE-2008-0755
>
>     -> Added to bleeding-virus.rules (2):
>        #delf keylog upload, kinda flimsy but works
>        #spyware/trojan/backdoors all reported here. sig by matt jonkman
>
>     -> Added to bleeding-web.rules (3):
>        #by Akash Mahajan
>        #by Akash Mahajan
>        #by Akash Mahajan
>
> [---]     Removed non-rule lines:    [---]
>
>     -> Removed from bleeding-drop-BLOCK.rules (2):
>        #  VERSION 1060
>        #  Generated 2008-02-16 01:03:00 EDT
>
>     -> Removed from bleeding-drop.rules (2):
>        #  VERSION 1060
>        #  Generated 2008-02-16 01:03:00 EDT
>
>     -> Removed from bleeding-rbn-BLOCK.rules (2):
>        #  VERSION 35
>        #  Updated 2008-02-08 16:03:09
>
>     -> Removed from bleeding-rbn.rules (2):
>        #  VERSION 35
>        #  Updated 2008-02-08 16:03:09
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at ...3335...
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
> -- 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.516 / Virus Database: 269.20.9/1293 - Release Date: 2008/2/22 
> ¤W¤È 09:21
>
> 


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.





More information about the Snort-sigs mailing list