NetProwler 3.5.1 SU26 includes detection of the W32.Bugbear.B@mm worm. Successful propagation of this worm could result in the installation of a backdoor and keylogger on the machine. You may obtain NetProwler 3.5.1 SU26 through the product's auto update feature.
Download NetProwler 3.5.1 SU26
Download All NetProwler 3.5.1 Security Updates
NetProwler 3.5.1 SU25 includes detection of the W32.HLLW.Fizzer worm. Successful propagation of this worm could result in the installation of a backdoor and keylogger on the machine. You may obtain NetProwler 3.5.1 SU25 through the product's auto update feature.
Download NetProwler 3.5.1 SU25
NetProwler 3.5.1 SU24 includes detection of a Microsoft Windows 2000 WebDAV buffer overflow vulnerability. Successful exploitation of this vulnerability could result in the execution of arbitrary code on the machine. You may obtain NetProwler 3.5.1 SU24 through the product's auto update feature.
Download NetProwler 3.5.1 SU24
NetProwler 3.5.1 SU23 includes detection of a Sendmail header processing buffer overflow vulnerability. Successful exploitation of this vulnerability could result in the execution of arbitrary code on the machine. You may obtain NetProwler 3.5.1 SU23 through the product's auto update feature.
Download NetProwler 3.5.1 SU23
NetProwler 3.5.1 SU22 includes detection of the W32.SQLExp.Worm. Successful infection by this worm could result in the execution of arbitrary code on the machine. You may obtain NetProwler 3.5.1 SU22 through the product's auto update feature.
Download NetProwler 3.5.1 SU22
NetProwler 3.5.1 SU21 includes detection of requests made to the RDS Data Stub component of Microsoft Data Access Components (MDAC). Successful exploitation of this vulnerability could result in an attacker's ability to execute arbitrary code on the machine. MDAC ships by default with all versions of Windows 2000 and IIS web server. You may obtain NetProwler 3.5.1 SU21 through the product's auto update feature.
Download NetProwler 3.5.1 SU21
NetProwler 3.5.1 SU20 introduces a total of six (6) new signatures. These signatures include the detection of a Lucent Router exploit, a Microsoft 2000 exploit, a Solaris AnswerBook2 exploit, an Avaya switch exploit, a Solaris Telnet Buffer Overflow, and a Cisco TFTP Buffer Overflow. You may obtain NetProwler 3.5.1 SU20 through the product's auto update feature.
Download NetProwler 3.5.1 SU20
NetProwler 3.5.1 SU19 introduces a total of nine (9) new signatures. New signatures include the detection of a NetTerm Buffer Overflow, a Cisco Denial of Service (DoS), a Microsoft Internet Information Service (IIS) ISAPI DoS, a Microsoft IIS Buffer Overflow, and the exploitation of vulnerabilities that exist in four separate CGI scripts. You may obtain NetProwler 3.5.1 SU19 through the product's auto update feature.
Download NetProwler 3.5.1 SU19
NetProwler 3.5.1 SU18 introduces a total of two (2) signatures. New signatures include the detection of the Apache Chunk Encoding Buffer Overflow and the detection of a BIND version query. You may obtain NetProwler 3.5.1 SU18 through the product's auto update feature.
Download NetProwler 3.5.1 SU18
NetProwler 3.5.1 SU17 introduces four (4) signatures. New signatures include the detection of the SQLSnake propagating across the network via the SQL port. Also included is detection of some unsafe SQL practices. You may obtain NetProwler 3.5.1 SU17 through the product's auto update feature.
Download NetProwler 3.5.1 SU17
NetProwler 3.5.1 SU16 introduces a total of six (6) signatures. New signatures include the detection of the W32.klez.gen@mm worm family propagating across the network via SMTP and NetBIOS shares, and a buffer overflow targeting /bin/login. In addition, four signatures have been updated detecting AltaVista directory traversal attempts, MStream master and client communications, and MStream Flooding. You may obtain NetProwler 3.5.1 SU16 through the product's auto update feature.
Download NetProwler 3.5.1 SU16
NetProwler 3.5.1 SU15 introduces six (6) new signatures that detect a Lotus Domino password bypass, a root exploit to UCD-SNMP Community Name buffer, and Buffer Overflows to mIRC Nickname, QuickTime Content-Type, UPnP (Universal Plug and Play), and SNMP Set System name. You may obtain NetProwler 3.5.1 SU15 through the product's auto update feature.
Download NetProwler 3.5.1 SU15
NetProwler 3.5.1 SU14 introduces a signature that detects attempts to exploit vulnerabilities in the PHP file upload feature, versions prior to 4.1.2. An attacker can gain system-level, remote access or cause a DoS by overflowing a buffer in the file upload feature of the PHP scripting language engine.
Download NetProwler 3.5.1 SU14
NetProwler 3.5.1 SU13 introduces seven (7) new signatures that detect a CDE dtspcd attack, a Microsoft IE object tag exploit, an Oracle 8i dbsnmp DoS, an Apache PHP file read attack, two newly discovered SNMP vulnerabilities, and a buffer overflow in Wu_Ftpd. In addition, the HTTP IIS ISAPI Extension signature released in an earlier SU has been modified to detect attempts to exploit the vulnerability using multiple packets. You may obtain NetProwler 3.5.1 SU13 through the product's autoupdate feature.
Download NetProwler 3.5.1 SU13
NetProwler 3.5.1 SU12 introduces 6 new signatures detecting the SSH CRC32 attack, a PHPNuke attack, a new version of the Whisker CGI Scanner, and 3 other Buffer Overflow and Denial of Service attacks. You may obtain NetProwler 3.5.1 SU12 through the product's auto update feature.
Download NetProwler 3.5.1 SU12
NetProwler 3.5.1 SU11 strengthens 6 signatures already packaged with previous security updates and adds a signature for a buffer overflow targeting an RPC service. This update addresses a number of false positive issues that have been reported to Symantec.
Download NetProwler 3.5.1 SU11
NetProwler 3.5.1 SU10 introduces signatures that detect various buffer overflow and denial of service attacks. It also adds two new signatures that detect attacks to various CGI programs. This update contains eight new signatures, and one updated signature. You may obtain NetProwler 3.5.1 SU10 through the product's auto update feature.
Download NetProwler 3.5.1 SU10
NetProwler 3.5.1 SU9 introduces signatures that detect various buffer overflow and denial of service attacks. It also strengthens the already existing NetProwler WebCom_CGI and ISAPI Extension signatures. This update contains fifteen new signatures. You may obtain NetProwler 3.5.1 SU9 through the product's auto update feature.
Download NetProwler 3.5.1 SU9
NetProwler 3.5.1 SU8 introduces a signature that detects attempts to exploit the Microsoft Windows NT/2000 IIS Server versions 4.0/5.0. An attacker can gain system-level, remote access or cause a DoS by overflowing a buffer in the idq.dll used by the ISAPI .ida and .idq file extensions.
Download NetProwler 3.5.1 SU8
NetProwler 3.5.1 SU7 introduces signatures that detect conflicting TCP flags, FrontPage path disclosure, buffer overflow style attacks for FTP, Solaris snmpXdmid, print spooler, and statd services. It also strengthens the already existing NetProwler Girlfriend, CodeBrws_CGI, Perl_CGI, URL_Directory_Traversal, and URL_Hex_Characters signatures. This update contains eighteen new signatures. You may obtain NetProwler 3.5.1 SU7 through the product's auto update feature.
Download NetProwler 3.5.1 SU7
NetProwler 3.5.1 SU6 introduces a signature that detects attempts to exploit the Solaris sadmind buffer overflow vulnerability by overwriting the stack pointer and executing arbitrary code as root on the system.
Download NetProwler 3.5.1 SU6
NetProwler 3.5.1 SU5 introduces a signature that detects attempts to exploit the Microsoft Windows 2000 IIS 5.0 Server buffer overflow in the ISAPI .printer extension, which allows system-level, remote access.
Download NetProwler 3.5.1 SU5
NetProwler 3.5.1 SU4 introduces signatures that detect escaped characters within a URL, directory traversals within a URL, multiple web server CGI vulnerabilities, HTML formatted e-mails that use frames, and buffer overflow style attacks for FTP services. It also strengthens the already existing NetProwler Stacheldraht signatures.
Download NetProwler 3.5.1 SU4
AltaVista_Traversal: Detects attempts to use a directory traversal to read files and directories outside of the web server's scope.
Beaninfo_CGI: Detects attempts to execute the beaninfo CGI ColdFusion module that may allow arbitrary reading of remote files and DoS the host with file processing tasks.
CFCache_CGI: Detects attempts to read sensitive system information made publicly accessible by the CFCache function in ColdFusion version 4x.
Compaq_Agent_Traversal: Detects attempts to use a directory traversal to read files and directories outside of the web server's scope.
Detail_CGI: Detects attempts to execute the detail CGI ColdFusion module that may allow arbitrary reading of remote files and DoS the host with file processing tasks.
DisplayOpenedFile_CGI: Detects attempts to save arbitrary files uploaded to the ColdFusion Application Server by the openfile CGI ColdFusion module.
E_Mail_Embedded_Frames: Detects HTML frames within e-mail messages.
Excite_CGI: Detects attempts to execute remote shell commands through Excite for Web Servers' perl interpreter that could compromise privileged access.
FTP_Input_Validation: Detects attempts to exploit FTP servers through an input validation bug.
GetTempDirectory_CGI: Detects attempts to execute the gettempdirectory CGI ColdFusion module that may allow arbitrary reading of remote files and DoS the host with file processing tasks.
HTSearch_CGI: Detects attempts to execute the htsearch CGI script that allows arbitrary reading of remote files.
Imagemap_CGI: Detects attempts to buffer overflow the imagemap CGI and gain privileged access on the remote host.
Infosrch_CGI: Detects attempts to execute the infosrch CGI script that allows remote commands to be executed with the web server's privileges.
MLog_CGI: Detects attempts to execute the mlog CGI script that allows arbitrary reading of remote files.
NewTear: NewTear uses malformed packet fragments to crash vulnerable operating systems. It is a variant of Teardrop modified to work against some operating systems even after the Teardrop patch has been applied.
OpenFile_CGI: Detects attempts to upload arbitrary files to the ColdFusion Application Server.
Perl_CGI: Detects attempts to execute remote commands on a web server through the perl interpreter.
PFDispaly_CGI: Detects attempts to execute the pfdisplay CGI script that allows arbitrary reading of remote files.
PHP_CGI: Detects attempts to execute the PHP CGI script that allows arbitrary reading of remote files.
Stacheldraht: Stacheldraht is a distributed denial-of-service tool that allows attackers to use compromised systems as attack agents. This signature detects network activity resembling Stacheldraht control communication.
Stacheldraht_Agent: Stacheldraht is a distributed denial-of-service tool that allows attackers to use compromised systems as attack agents. This signature detects specific network traffic generated by the Stacheldraht agent component.
URL_Directory_Traversal: Detects directory traversal attempts in a URL.
URL_Hex_Characters: Detects escaped hex characters in a URL.
ViewExample_CGI: Detects attempts to execute the viewexample CGI ColdFusion module that may allow arbitrary reading of remote files and DoS the host with file processing tasks.
Webcom_CGI: Detects attempts to execute the Webcom CGI Guestbook programs wguest.exe and rguest.exe that allow remote files to be read arbitrarily using the "template" parameter.
NetProwler 3.5.1 SU3 introduces signatures that detect malicious embedded e-mail and web content, buffer overflow style attacks, and IIS RDS exploits.
Download NetProwler 3.5.1 SU3
- Javascript_GetObject
This signature detects the GetObject exploit for Internet Explorer 5.x, Outlook and Outlook Express.
- NOOP_String
This signature detects strings of NOOP (no operation) characters as commonly found in buffer overflow attacks.
- RDS_Shell
This signature detects attempts to execute shell commands remotely through the RDS interface in Microsoft's IIS.
NetProwler 3.5 SU2 introduces signatures that detect malicious embedded e-mail content, and a variety of attacks against web servers. This update contains 16 new signatures, and does not include update 1.
Download NetProwler 3.5.1 SU 2
- CFMLSyntaxCheck_CGI
The sample file, CFMLSyntaxCheck.cfm, can be used in a DoS attack and may allow unauthorized access to your web server.
- CodeBrws_CGI
SiteServer sample, codebrws.asp, allows remote users to view any file on the file system.
- EMail_Embedded_Access_Object
Embedded Access object references in HTML e-mail may allow unauthorized system access.
- EMail_Embedded_Excel_Object
Excel objects scripted in HTML e-mail allow unauthorized access to the file system.
- EMail_Embedded_JavaScript
Embedded JavaScript in HTML e-mail may allow unauthorized system access.
- EMail_Embedded_PowerPoint_Object
PowerPoint objects scripted in HTML e-mail allow unauthorized access to the file system.
- EMail_Embedded_Script
Embedded scripts in HTML e-mail may allow unauthorized system access.
- EMail_Embedded_VBScript
Embedded Visual Basic scripts in HTML e-mail may allow unauthorized system access.
- Evaluate_CGI
The sample file, evaluate.cfm, may allow users unauthorized access to your web server.
- ExprCalc_CGI
ColdFusion Exprcalc.cfm can be used to read, write, and delete files.
- FileExists_CGI
The sample file, fileexists.cfm, allows users to detect the existence of files on your web server.
- Javascript_GetObject
This signature detects the GetObject exploit for Internet Explorer 5.x, Outlook and Outlook Express '97, '98, and 2000.
- MainFrameSet_CGI
The sample file, MainFrameSet.cfm, may allow users to bypass host-based authentication.
- NOOP_String
This signature detects strings of NOOP (no operation) characters as commonly found in exploit attempts to compromise system access.
- NTFS_DATA_Suffix
Some web servers fail to recognize file extensions on URLs ending with ::$DATA. With NTFS, this allows users to download potentially sensitive content (such as .asp files) that would normally be processed by the server.
- RDS_Shell
This signature detects attempts to execute shell commands remotely through the RDS interface in Microsoft's IIS.
- SourceWindow_CGI
ColdFusion SourceWindow.cfm can allow users to read, write, and delete files.
- ViewCode_CGI
The sample file, ViewCode.asp, may allow users to view sensitive server-side scripts.
- WebHits_CGI
A bug in webhits.dll included in Microsoft's IIS server allows read access to files outside the web root.
NetProwler 3.5.1 SU1 introduces the following signatures to detect activity of the MStream DDoS (distributed denial-of-service) attack tool.
Download NetProwler 3.5.1 SU1
- MStream_Client
An outgoing MStream DDoS trojan horse client control session has been detected.
- MStream_Client_Login
An outgoing MStream DDoS trojan horse client control session has been detected.
- MStream_Flood
An incoming MStream DDoS TCP flood attack was detected.
- MStream_Master_Command
MStream DDoS trojan horse master activity detected (CERT CA-2000-1).
- MStream_Master_Login
MStream DDoS trojan horse master activity detected (CERT CA-2000-1).
- MStream_Master_Newserver
MStream DDoS trojan horse master activity detected (CERT CA-2000-1).
- MStream_Server_Command
MStream DDoS trojan horse server activity detected (CERT CA-2000-1).
- MStream_Server_Newserver
MStream DDoS trojan horse server activity detected (CERT CA-2000-1).