Hosting Provided By

Re: [Snort-sigs] WebDAV nessus script?

From: Brian <bmc(at)snort.org>
Date: Tue Mar 04 2003 - 20:41:43 EST

On Tue, Mar 18, 2003 at 04:21:05PM -0500, Joe Stewart wrote:
> On Tuesday 18 March 2003 02:32 pm, Paul Tobia wrote:

You need different URI lengths for different overflows.

Unfortunatly, there isn't a good way to look for this vulnerability with the current http decoder.

Marc, Dan, Marty, and I have been tossing around ideas on hwo to do this detection and still maintain some semblence of speed, but because of limitations in stream4 and http_decode, this is rather hard.

If you arn't using WEBDAV, you probably want to enable the rules Frank Knobbe posted earlier[0]. Unfortunatly, this vulnerability can be exploited via GET.

-brian

[0] http://marc.theaimsgroup.com/?l=snort-sigs&m=104795145612758&w=2

This SF.net email is sponsored by: Does your code think in ink? You could win a Tablet PC. Get a free Tablet PC hat just for playing. What are you waiting for?
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Tue Mar 18 21:15:43 2003

Do you need help?

This message: [ Message body ]
Next message: Frank Knobbe: "Re: [Snort-sigs] WebDAV nessus script?"
Previous message: Jason Haar: "Re: [Snort-sigs] WebDAV nessus script?"
In reply to: Joe Stewart: "Re: [Snort-sigs] WebDAV nessus script?"
In reply to Tobia,Paul: "RE: [Snort-sigs] WebDAV nessus script?"
Next in thread: Jason Haar: "Re: [Snort-sigs] WebDAV nessus script?"
Reply: Jason Haar: "Re: [Snort-sigs] WebDAV nessus script?"
Reply: Frank Knobbe: "Re: [Snort-sigs] WebDAV nessus script?"
Reply: JP Vossen: "[Snort-sigs] PCRE Editors/Debuggers [Slightly OT]"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:26 EDT