VRT Advisories
VRT Rules 2005-07-22
Sourcefire VRT Certified Rules Update
Date: 2005-07-22
Synopsis:
The Sourcefire Vulnerability Research Team (VRT) has learned of serious vulnerabilities affecting Microsoft Windows, RealPlayer, MailEnable, the PHP XML-RPC module and FutureSoft TFTP server.
Details:
A programming error in the processing of malformed InfoTech protocol messages used by Microsoft Help can lead to a buffer overflow. An attacker may be able to overflow this buffer and supply code of their choosing to be executed on the system with the privileges of the administrative account. In addition, applications may treat Windows Help as a trusted program, so further exploitation and host firewall bypass may be possible.
Rules to detect attacks against this vulnerability are included in this rule pack and are identified as sids 3819 through 3821.
The RealPlayer media player uses RealText to support streaming text documents. A vulnerability exists in the way RealPlayer handles a malformed request for a .rt file that contains an incorrect RealText version number. If an overly long .rt filename is requested and an incorrect RealText version is specified, a buffer allocated to handle error conditions can be overflowed. This may permit the execution of arbitrary code.
Rules to detect attacks against this vulnerability are included in this rule pack and are identified as sids 3822 through 3823.
MailEnable is a Windows-based mail server. A vulnerability exists in the MailEnable SMTP server, possibly allowing a denial of service or the execution of arbitrary code with system privileges.
A Rule to detect attacks against this vulnerability is included in this rule pack and is identified as sid 3824.
A vulnerability exists in the PHP XML-RPC module that may allow unauthorized users to execute arbitrary commands. No user authentication is required to execute these commands.
A Rule to detect attacks against this vulnerability is included in this rule pack and is identified as sid 3827.
A vulnerability exists in the FutureSoft TFTP server when processing overly long read or write requests for either a file name or transfer mode string. This may cause a buffer overflow and the subsequent execution of arbitrary commands on a vulnerable server.
Rules to detect attacks against this vulnerability are included in this rule pack and are identified as sids 3817 through 3818.
Rule Pack Summary:
For a complete list of new and modified rules, click here.
Warning:
Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.
About the VRT:
The Sourcefire VRT is a group of leading edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.
Posted by on Jul 22, 2005
VRT Rules 2005-07-08
Sourcefire VRT Certified Rules Update
Date: 2005-07-08
Synopsis:
The Sourcefire Vulnerability Research Team (VRT) has learned of a serious vulnerability affecting Internet Explorer.
Details:
Internet Explorer does not properly handle a COM object known as javaprxy.dll that is installed on hosts that run Microsoft Java Machine. When this COM object is invoked through a web page, the contents of the web page are copied to shared memory on the client host. When the web page contains a large amount of data, a buffer overflow can occur.
A Rule to detect attacks against this vulnerability is included in this rule pack and is identified as sid 3814.
Posted by on Jul 08, 2005
VRT Rules 2005-06-30
Sourcefire VRT Certified Rules Update
Date: 2005-06-30
Synopsis:
The Sourcefire Vulnerability Research Team (VRT) has learned of multiple serious vulnerabilities affecting Veritas Backup Exec Server and Agent Software.
Details:
US-CERT Vulnerability Note VU#352625: A vulnerability exists in the way the Veritas Backup Server handles DCERPC requests that attempt to alter registry values, enabling an attacker to modify the registry. The Backup Server accepts anonymous client requests, but fails to assign the appropriate privileges. This allows an attacker to perform privileged tasks on the server. One such task is altering registry values.
US-CERT Vulnerability Note VU#492105, CAN-2005-0773: A vulnerability exists in Veritas Backup Agent authentication software. This software uses the Network Data Management Protocol (NDMP) to communicate between clients and servers. Authentication is required to successfully connect. Errors in processing the authentication credentials can give an attacker the opportunity to overflow a fixed-length buffer, which may lead to the execution of code of the attacker's choosing on the affected host.
US-CERT Vulnerability Note VU#584505, CAN-2005-0771: The Veritas Backup Agent Exec provides backup software. Certain communications are done via the Network Data Management Protocol (NDMP). The agent does not properly handle malformed NDMP protocol requests. Exploitation of this issue is simple and can lead to a Denial of Service (DoS) for the agent.
Rules to detect attacks against these vulnerabilities are included in this rule pack and are identified as sids 3695 through 3812.
References: US-CERT Technical Cyber Security Alert TA05-180A http://www.us-cert.gov/cas/techalerts/TA05-180A.html
VERITAS Security Advisory for Backup Exec for Windows Servers and Backup Exec for NetWare Servers http://seer.support.veritas.com/docs/277428.htm
Posted by on Jun 30, 2005
VRT Rules 2005-06-29
Sourcefire VRT Certified Rules Update
Date: 2005-06-29
Synopsis:
The Sourcefire Vulnerability Research Team (VRT) has learned of serious vulnerabilities affecting IBM Websphere and Squid HTTP proxy server.
Details:
A Squid proxy server can cache resources to make access to them more efficient. A malformed request sent to a Squid proxy server may be interpreted and processed differently by the proxy than by the actual responding web server. A particular malformed request that contains two "Content-Length" header fields can be used to try to poison the cache by causing the Squid proxy server and an upstream server to process the contents differently.
A Rule to detect attacks against this vulnerability is included in this rule pack and is identified as sid 3694.
IBM WebSphere may use form-based authentication to permit access to applications. The CGI variables j_username and j_password are used for this authentication process. Overly long values passed to these variables can cause a buffer overflow and the subsequent execution of arbitrary code on the vulnerable server. This is due to a failure in the code to accommodate wide-character expansion for the receiving buffer.
A rule to detect attacks against this vulnerability is included in this rule pack and is identified as sid 3693.
Posted by on Jun 29, 2005
VRT Rules 2005-06-15
Sourcefire VRT Certified Rules Update
Date: 2005-06-15
Synopsis:
The Sourcefire Vulnerability Research Team (VRT) has learned of serious vulnerabilities affecting various vendor Telnet client software and Microsoft Internet Explorer.
Details:
A telnet client and server can negotiate various options such as the character set to be used in the communication exchange. One particular option allows a client or server to send new environment options. Certain telnet clients will respond to a telnet server that issues a new environment send command for a particular environment variable, such as the current user. This information disclosure can be valuable to a potential attacker. Although this vulnerability affects multiple vendors it is also addressed in the Microsoft advisory MS05-033.
Rules to detect attacks against this vulnerability are included in this rule pack and are identified as sids 3687 and 3688.
Internet Explorer has an optional feature known as Content Advisor that allows unsuitable content to be blocked. The Content Advisor uses a ratings description file to determine what is considered to be unsuitable content. The ratings description file contains several statements including a name statement. An overly long value supplied to a specific name statement can cause a buffer overflow and the subsequent execution of arbitrary code.
A rule to detect attacks against this vulnerability is included in this rule pack and is identified as sid 3686.
A vulnerability exists in the way Internet Explorer handles the transparency chunk of a PNG file, enabling a buffer overflow and the subsequent execution of arbitrary code on a vulnerable client. This vulnerability is addressed in the Microsoft advisory MS05-025.
A rule to detect attacks against this vulnerability is included in this rule pack and is identified as sid 3689.
Posted by on Jun 15, 2005
