Hosting Provided By

[snort-cvs] CVS: snort - cazz

From: Brian Caswell <cazz(at)users.sourceforge.net>
Date: Sat Mar 20 2004 - 16:58:44 EST

CVSROOT:	/cvsroot/snort
Module name:	snort
Changes by:	cazz@sc8-pr-cvs1.sourceforge.net	2004/03/20 13:58:44

Modified files:
	doc/signatures : 1229.txt 1444.txt 276.txt 527.txt 
	etc            : sid sid-msg.map snort.conf 
	rules          : attack-responses.rules backdoor.rules 
	                 bad-traffic.rules chat.rules ddos.rules 
	                 deleted.rules dns.rules dos.rules 
	                 experimental.rules exploit.rules finger.rules 
	                 ftp.rules icmp-info.rules icmp.rules imap.rules 
	                 info.rules local.rules misc.rules 
	                 multimedia.rules mysql.rules netbios.rules 
	                 nntp.rules oracle.rules other-ids.rules 
	                 p2p.rules policy.rules pop2.rules pop3.rules 
	                 rpc.rules rservices.rules scan.rules 
	                 shellcode.rules smtp.rules snmp.rules sql.rules 
	                 telnet.rules tftp.rules virus.rules 
	                 web-attacks.rules web-cgi.rules 
	                 web-client.rules web-coldfusion.rules 
	                 web-frontpage.rules web-iis.rules 
	                 web-misc.rules web-php.rules x11.rules 
Added files:
	doc/signatures : 2381.txt 2400.txt 2409.txt 2411.txt 2412.txt 
	                 2413.txt 2414.txt 2415.txt 2416.txt 2417.txt 
	                 2418.txt 2419.txt 2420.txt 2421.txt 2422.txt 
	                 2423.txt 2424.txt 2425.txt 2426.txt 2427.txt 
	                 2428.txt 2429.txt 2430.txt 2431.txt 2432.txt 
	                 2433.txt 2434.txt 2435.txt 2436.txt 2438.txt 
	                 2439.txt 2440.txt 2441.txt 2442.txt 2443.txt 
	                 2444.txt 2445.txt 2446.txt

Log message:
* Added a ton of rules that include vulnerabilities in many high-profile
security products, including Checkpoint & ISS gear (see below)
* provided a single high-powered rule for detecting all of the evil virus emails

added even more docs. (Go Nigel)

2405 || WEB-PHP phptest.php access || bugtraq,9737
2406 || TELNET APC SmartSlot default admin account attempt || bugtraq,9681
Do you need help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related snort.org Links
snort-announce
snort-cvsinfo
snort-devel
snort-sigs
snort-users
Request more information about Pantek
2407 || WEB-MISC util.pl access || bugtraq,9748
2408 || WEB-MISC Invision Power Board search.pl access || bugtraq,9766
2409 || POP3 APOP USER overflow attempt || bugtraq,9794
2410 || WEB-PHP IGeneric Free Shopping Cart page.php access || bugtraq,9773
2411 || WEB-MISC Real Server DESCRIBE buffer overflow attempt || url,www.service.real.com/help/faq/security/rootexploit091103.html || bugtraq,8476
2412 || ATTACK-RESPONSES successful cross site scripting forced download attempt
2413 || EXPLOIT ISAKMP delete hash with empty hash attempt || bugtraq,9416 || bugtraq,CAN-2004-0164
2414 || EXPLOIT ISAKMP initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,CAN-2004-0164
2415 || EXPLOIT ISAKMP second payload initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,CAN-2004-0164
2416 || FTP invalid MDTM command attempt
2417 || FTP format string attempt
2418 || MISC MS Terminal Server no encryption session initiation attmept || url,www.microsoft.com/technet/security/bulletin/MS01-052.asp
2419 || MULTIMEDIA realplayer .ram playlist download attempt
2420 || MULTIMEDIA realplayer .rmp playlist download attempt
2421 || MULTIMEDIA realplayer .smi playlist download attempt
2422 || MULTIMEDIA realplayer .rt playlist download attempt
2423 || MULTIMEDIA realplayer .rp playlist download attempt
2424 || NNTP sendsys overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2425 || NNTP senduuname overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2426 || NNTP version overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2427 || NNTP checkgroups overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2428 || NNTP ihave overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
Do you need more help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related snort.org Links
snort-announce
snort-cvsinfo
snort-devel
snort-sigs
snort-users
Request more information about Pantek
2429 || NNTP sendme overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2430 || NNTP newgroup overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2431 || NNTP rmgroup overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2432 || NNTP article post without path attempt
2433 || WEB-CGI MDaemon form2raw.cgi overflow attempt || bugtraq,9317
2434 || WEB-CGI MDaemon form2raw.cgi access || bugtraq,9317
2435 || WEB-CLIENT Microsoft emf metafile access || bugtraq,9707
2436 || WEB-CLIENT Microsoft wmf metafile access || bugtraq,9707
2437 || WEB-CLIENT RealPlayer arbitrary javascript command attempt || bugtraq,8453 || bugtraq,9738 || cve,CAN-2003-0726
2438 || WEB-CLIENT RealPlayer playlist file URL overflow attempt || bugtraq,9579
2439 || WEB-CLIENT RealPlayer playlist http URL overflow attempt || bugtraq,9579
2440 || WEB-CLIENT RealPlayer playlist rtsp URL overflow attempt || bugtraq,9579
2441 || WEB-MISC NetObserve authentication bypass attempt || bugtraq,9319
2442 || WEB-MISC Quicktime User-Agent buffer overflow attempt || cve,CAN-2004-0169
2443 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER first name overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html
2444 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER first name overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html
2445 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER last name overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html
2446 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER email overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html



-------------------------------------------------------

This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

Snort-cvsinfo mailing list
Snort-cvsinfo@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-cvsinfo Received on Sat Mar 20 17:10:33 2004

This message: [ Message body ]
Next message: Brian Caswell: "[snort-cvs] CVS: snort - cazz"
Previous message: Martin Roesch: "[snort-cvs] CVS: snort - roesch"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:57 EDT