VRT Rules 2005-03-16
Sourcefire VRT Certified Rule Update
The Sourcefire Vulnerability Research Team (VRT) has learned of serious vulnerabilities affecting Oracle database servers, the Computer Associates License server, and the MySQL MaxDB WebSQL service.
Oracle UTL_FILE commands allow a user to read, write, copy, or delete files in locations and directories authorized to the user. However, sufficient checks are not performed to ensure that the user does not attempt to employ a directory traversal technique to manipulate files outside the authorized directories.
Rules to detect attacks against this vulnerability are included in this rule pack and are identified as sids 3512 through 3516.
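As an added illustration (not part of the Sourcefire rule pack and not a reproduction of sids 3512 through 3516), the following Python example reviews SQL statements, such as those in a database audit trail, for UTL_FILE calls whose string-literal arguments contain a `..` path component. The function names and the sample statements are constructed for this example.

```python
import re

# UTL_FILE subprograms that take a file name (read, write, copy, delete, rename).
UTL_FILE_CALL = re.compile(r"\butl_file\s*\.\s*(fopen|fopen_nchar|fremove|fcopy|frename)\s*\(", re.I)
# Single-quoted SQL string literal; '' is an escaped quote inside a literal.
SQL_LITERAL = re.compile(r"'((?:[^']|'')*)'")
# A ".." path component bounded by a separator or the start/end of the literal.
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")


def call_arguments(statement, start):
    """Return the argument text from index start up to the matching ')'."""
    depth, in_literal = 1, False
    for i in range(start, len(statement)):
        ch = statement[i]
        if ch == "'":
            in_literal = not in_literal  # '' toggles twice, so state is preserved
        elif not in_literal:
            if ch == "(":
                depth += 1
            elif ch == ")":
                depth -= 1
                if depth == 0:
                    return statement[start:i]
    return statement[start:]  # unterminated call: inspect what is there


def find_traversal(statement):
    """List (subprogram, literal) pairs where a UTL_FILE argument contains '..'."""
    hits = []
    for call in UTL_FILE_CALL.finditer(statement):
        args = call_arguments(statement, call.end())
        for literal in SQL_LITERAL.findall(args):
            if TRAVERSAL.search(literal.replace("''", "'")):
                hits.append((call.group(1).upper(), literal))
    return hits


# Constructed sample statements (not taken from the advisory).
SAMPLES = [
    "BEGIN f := UTL_FILE.FOPEN('REPORT_DIR', 'daily.txt', 'r'); END;",
    "BEGIN f := utl_file.fopen('REPORT_DIR', '../other/daily.txt', 'w'); END;",
    "BEGIN UTL_FILE.FREMOVE('REPORT_DIR', '..\\old.log'); END;",
    "SELECT note FROM t WHERE note = 'see ../readme'",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(find_traversal(s), "<-", s)
```

Literal matching only sees file names written inline in the statement; names passed through bind variables or built by concatenation are not visible to this check.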
Computer Associates License software allows a site to maintain and handle licenses for CA products. A server runs the software to facilitate this and it communicates with clients/agents on the network. A programming error may present an attacker with the opportunity to overflow a static buffer and possibly execute code of their choosing on the affected host.
Rules to detect attacks against this vulnerability are included in this rule pack and are identified as sids 3520 through 3522 and 3517.
The MySQL MaxDB WebSQL service suffers from a programming error that may allow an attacker to overflow a static buffer by supplying excess data in the parameter to the password value. The attacker may then be able to execute code of their choosing on the affected host.
Rules to detect attacks against this vulnerability are included in this rule pack and are identified as sids 3518 and 3519.
Rule Pack Summary
Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.
About the Sourcefire Vulnerability Research Team
The Sourcefire VRT is a group of leading-edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.