Cisco Talos Blog

May 20, 2009 11:54

Winamp MAKI Parsing Vulnerability Details

About two months ago, we found a vulnerability in the Winamp 5.55 MAKI script parsing module. We reported our findings to AOL. AOL then released Winamp version 5.552 with the fix. Here are the details: Winamp MAKI Parsing Integer Overflow Vulnerability Vendor: AOL/Nullsoft Sev

May 20, 2009 09:43

Rules to detect IIS 6.0 WebDAV exploit

Thanks for the inquiries. Here are rules that detect attacks against IIS 6.0 with WebDAV enabled. (see yesterday's post for details) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-IIS Microsoft IIS 6.0 WebDAV COPY remote authentication bypass attempt"

May 19, 2009 17:19

Snort protection against IIS 6.0 WebDAV exploit

Microsoft Security Advisory (971491) published on May 18, 2009 concerns a vulnerability in IIS that may allow unauthorized access to an area of a website that would normally be protected. An attack against IIS 6.0 with WebDAV enabled was published at milw0rm (http://www.milw0rm.

January 8, 2009 14:08

Tips for Writing Good Rules from a n00b

It has been two months since I joined the VRT. Since then, I have learned a lot about Snort and want to share some tactics with other people who are new to Snort (as I was). More precisely, I want to talk about how to write good Snort rules with performance in mind. First of all