Winamp MAKI Parsing Vulnerability Details
About two months ago, we found a vulnerability in the Winamp 5.55 MAKI script parsing module. We reported our findings to AOL. AOL then released Winamp version 5.552 with the fix. Here are the details: Winamp MAKI Parsing Integer Overflow Vulnerability Vendor: AOL/Nullsoft Sev
Rules to detect IIS 6.0 WebDAV exploit
Thanks for the inquiries. Here are rules that detect attacks against IIS 6.0 with WebDAV enabled. (see yesterdays post for details) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-IIS Microsoft IIS 6.0 WebDAV COPY remote authentication bypass attempt"; flow:to_se
Snort protection against IIS 6.0 WebDAV exploit
Microsoft Security Advisory (971491) published on May 18, 2009 concerns a vulnerability in IIS that may allow unauthorized access to an area of a website that would normally be protected. An attack against IIS 6.0 with WebDAV enabled was published at milw0rm (http://www.milw0rm.
Tips for Writing Good Rules from a n00b
It has been two months since I joined the VRT. Since then, I have learned a lot about Snort and want to share some tactics with other people who are new to Snort (as I was). More precisely, I want to talk about how to write good Snort rules with performance in mind. First of all