[Emerging-updates] Daily Ruleset Update Summary 3/23/2011

Matthew Jonkman jonkman at emergingthreatspro.com
Wed Mar 23 20:03:16 EST 2011


Two major issues covered today. First is the set of fraudulent SSL certificates issued for very well known sites that handle often very sensitive information. If these fire you should be concerned.

Second is coverage for the set of 34 SCADA vulnerabilities released yesterday. These are also quite important if you're running this kind of equipment. We recommend immediate deployment; exploits are in the wild and no patches exist.

[+++]          Added rules:          [+++]


First the SCADA coverage:

 2801787 - ETPRO SCADA IGSS SCADA System Directory Traversal and Download (scada.rules)
 2801788 - ETPRO SCADA IGSS SCADA system Directory Traversal Upload and Overwrite (scada.rules)
 2801789 - ETPRO SCADA IGSS SCADA ListAll Function Buffer Overflow (scada.rules)
 2801790 - ETPRO SCADA IGSS SCADA Write File Function Buffer Overflow (scada.rules)
 2801791 - ETPRO SCADA IGSS SCADA ReadFile Function Buffer Overflow (scada.rules)
 2801792 - ETPRO SCADA IGSS SCADA Delete Function Buffer Overflow (scada.rules)
 2801793 - ETPRO SCADA IGSS SCADA RenameFile Function Buffer Overflow (scada.rules)
 2801794 - ETPRO SCADA IGSS SCADA FileInfo Function Buffer Overflow (scada.rules)
 2801795 - ETPRO SCADA IGSS SCADA RMS Report Add Command Buffer Overflow (scada.rules)
 2801796 - ETPRO SCADA IGSS SCADA RMS Report Template ReadFile Command Buffer Overflow (scada.rules)
 2801797 - ETPRO SCADA IGSS SCADA RMS Report Template WriteFile Command Buffer Overflow (scada.rules)
 2801798 - ETPRO SCADA IGSS SCADA RMS Report Template Add Command Buffer Overflow (scada.rules)
 2801799 - ETPRO SCADA IGSS SCADA RMS Report Template Rename Command Buffer Overflow (scada.rules)
 2801800 - ETPRO SCADA IGSS SCADA RMS Report Template Delete Command Buffer Overflow (scada.rules)
 2801801 - ETPRO SCADA IGSS SCADA STDREP Request Buffer Overflow (scada.rules)
 2801802 - ETPRO SCADA IGSS SCADA dc.exe Server Directory Traversal Arbitrary File Execution - 0xa (scada.rules)
 2801803 - ETPRO SCADA IGSS SCADA dc.exe Server Directory Traversal Arbitrary File Execution - 0x17 (scada.rules)
 2801804 - ETPRO SCADA RealFlex RealWin SCADA SCPC_TXTEVENT strcpy() Buffer Overflow (scada.rules)
 2801805 - ETPRO SCADA RealFlex RealWin SCADA On_FC_CONNECT_FCS_LOGIN Buffer Overflow (scada.rules)
 2801806 - ETPRO SCADA RealFlex RealWin SCADA On_FC_CTAGLIST_FCS_CADDTAG Buffer Overflow (scada.rules)
 2801807 - ETPRO SCADA RealFlex RealWin SCADA On_FC_CTAGLIST_FCS_CDELTAG Buffer Overflow (scada.rules)
 2801808 - ETPRO SCADA RealFlex RealWin SCADA On_FC_CTAGLIST_FCS_ADDTAGMS Buffer Overflow (scada.rules)
 2801809 - ETPRO SCADA RealFlex RealWin SCADA On_FC_RFUSER_FCS_LOGIN Buffer Overflow (scada.rules)
 2801810 - ETPRO SCADA RealFlex RealWin SCADA On_FC_BINFILE_FCS_*FILE Buffer Overflow 1 (scada.rules)
 2801811 - ETPRO SCADA RealFlex RealWin SCADA On_FC_BINFILE_FCS_*FILE Buffer Overflow 2 (scada.rules)
 2801812 - ETPRO SCADA RealFlex RealWin SCADA On_FC_BINFILE_FCS_*FILE Buffer Overflow 3 (scada.rules)
 2801813 - ETPRO SCADA RealFlex RealWin SCADA On_FC_BINFILE_FCS_*FILE Buffer Overflow 4 (scada.rules)
 2801814 - ETPRO SCADA RealFlex RealWin SCADA On_FC_BINFILE_FCS_*FILE Buffer Overflow 5 (scada.rules)
 2801815 - ETPRO SCADA RealFlex RealWin SCADA On_FC_BINFILE_FCS_*FILE Buffer Overflow 6 (scada.rules)
 2801816 - ETPRO SCADA RealFlex RealWin SCADA On_FC_MISC_FCS_MSGBROADCAST Buffer Overflow (scada.rules)
 2801817 - ETPRO SCADA RealFlex RealWin SCADA On_FC_MISC_FCS_MSGSEND Buffer Overflow (scada.rules)
 2801818 - ETPRO SCADA RealFlex RealWin SCADA On_FC_CGETTAG_FCS_GETTELEMETRY Buffer Overflow (scada.rules)
 2801819 - ETPRO SCADA RealFlex RealWin SCADA On_FC_CGETTAG_FCS_GETCHANNELTELEMETRY Buffer Overflow (scada.rules)
 2801820 - ETPRO SCADA RealFlex RealWin SCADA On_FC_CGETTAG_FCS_SETTELEMETRY Buffer Overflow (scada.rules)
 2801821 - ETPRO SCADA RealFlex RealWin SCADA On_FC_CGETTAG_FCS_SETCHANNELTELEMETRY Buffer Overflow (scada.rules)
 2801822 - ETPRO SCADA RealFlex RealWin SCADA On_FC_SCRIPT_FCS_STARTPROG Buffer Overflow (scada.rules)
 2801833 - ETPRO SCADA Iconics Genesis SCADA Freeing of Unitialized Memory (scada.rules)
 2801834 - ETPRO SCADA Iconics Genesis SCADA Freeing of Unitialized Memory Trigger Option 1 (scada.rules)
 2801835 - ETPRO SCADA Iconics Genesis SCADA Freeing of Unitialized Memory Trigger Option 2 (scada.rules)
 2801836 - ETPRO SCADA Iconics Genesis SCADA Freeing of Unitialized Memory Trigger Option 3 (scada.rules)
 2801837 - ETPRO SCADA Iconics Genesis SCADA Freeing of Unitialized Memory Trigger Option 4 (scada.rules)
 2801838 - ETPRO SCADA Iconics Genesis SCADA Freeing of Unitialized Memory Trigger Option 5 (scada.rules)


And the SSL Certs:

 2801839 - ETPRO CURRENT_EVENTS Known Fraudulent SSL Certificate for addons.mozzilla.org (current_events.rules)
 2801840 - ETPRO CURRENT_EVENTS Known Fraudulent SSL Certificate for Global Trustee (current_events.rules)
 2801841 - ETPRO CURRENT_EVENTS Known Fraudulent SSL Certificate for login.live.com (current_events.rules)
 2801842 - ETPRO CURRENT_EVENTS Known Fraudulent SSL Certificate for login.skype.com (current_events.rules)
 2801843 - ETPRO CURRENT_EVENTS Known Fraudulent SSL Certificate for login.yahoo.com 1 (current_events.rules)
 2801844 - ETPRO CURRENT_EVENTS Known Fraudulent SSL Certificate for login.yahoo.com 2 (current_events.rules)
 2801845 - ETPRO CURRENT_EVENTS Known Fraudulent SSL Certificate for login.yahoo.com 3 (current_events.rules)
 2801846 - ETPRO CURRENT_EVENTS Known Fraudulent SSL Certificate for mail.google.com (current_events.rules)
 2801847 - ETPRO CURRENT_EVENTS Known Fraudulent SSL Certificate for www.google.com (current_events.rules)

Sorry, no Open rules today. We'll catch up on those tonight and tomorrow morning and publish asap!


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




