Acrobat Snort Sig
We received a note that BleedingSnort posted a Snort sig for the acrobat vulnerability:
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE Adobe Acrobat Reader Malicious URL Null Byte"; reference:url,idefense.com/application/poi/display?id=126&type=vulnerabilities; uricontent:".pdf%00"; classtype:attempted-admin; sid:2002001; rev:2;)
Please use the following rule for the Adobe Acrobat Vulnerability:
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS
(msg:"BLEEDING-EDGE Adobe Acrobat Reader Malicious URL Null Byte";
flow:to_server,established; uricontent:".pdf|00|"; nocase;
reference:cve,2004-0629; classtype:web-application-attack; sid:2002001;
Reference and Updates at: http://www.bleedingsnort.com
Cisco Security Advisory: Cisco IOS Malformed OSPF Packet Causes Reload
Cisco just released a Security Advisory about a possible DoS condition in Cisco devices that have OSPF enabled.
According to Cisco:
"A Cisco device running Internetwork Operating System (IOS) ® and enabled for the Open Shortest Path First (OSPF) protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default.
The vulnerability is only present in Cisco IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines, and all Cisco IOS images prior to 12.0 are not affected.
Cisco has made free software available to address this vulnerability.
There are workarounds available to mitigate the effects."
More distributed Scans
We received more logs from what looks like a distribuited scan for vulnerable scripts.
You can find an excerpt bellow:
[Mon Aug 16 07:05:40 2004] [error] [client 22.214.171.124] script not found or unable to stat: /yyyyyy/xxxxx/public_html/mail.cgi
[Mon Aug 16 07:05:39 2004] [error] [client 126.96.36.199] script not found or unable to stat: /yyyyyy/xxxxx/public_html/cgi-bin/FormMail.pl
[Mon Aug 16 07:05:34 2004] [error] [client 188.8.131.52] script not found or unable to stat: /yyyyyy/xxxxx/public_html/cgi-bin/formmail.cgi
[Mon Aug 16 07:05:23 2004] [error] [client 184.108.40.206] script not found or unable to stat: /yyyyyy/xxxxx/public_html/cgi-bin/mailform.pl
[Mon Aug 16 07:05:20 2004] [error] [client 220.127.116.11] script not found or unable to stat: /yyyyyy/xxxxx/public_html/cgi-bin/contact.cgi
[Mon Aug 16 07:05:19 2004] [error] [client 18.104.22.168] script not found or unable to stat: /yyyyyy/xxxxx/public_html/cgi-bin/formmail.pl
If do you ever had problems with spywares and related, be careful when choosing the right tools. The worst thing is that if you have a spyware in your computer, a lot of Anti-spywares tools pop-ups will appear in your window, offering the products. Be very very careful...!
I usually have a set of tools that I trust to clean up a computer, as many of you. So, if you are in doubt, drop us a line.
Olympic games 2004 status: Brazil - 2 bronze medals
Handler on Duty: Pedro Bueno (bueno/AT/ieee.org)
Aug 19th 2004
|Thread locked Subscribe||
Aug 19th 2004
1 decade ago