Snort mailing list archives
GDI exploit signatures
From: "Baker, Craig" <Craig.Baker () IFLYATA COM>
Date: Wed, 6 Oct 2004 01:25:11 -0500
There has been limited feedback/discussion on the GDI vulnerability/exploits and associated signatures. The signatures provided by the ISC handlers register many alerts, but the ones I've investigated appear to be false positives. I just wondered if anyone has had any success with other GDI detection rules or what the consensus seems to be of the amount of exploits in the wild. The following link has some exploit code listed on the site, but I'm not sure if this has been widely distributed or not. Any feedback is appreciated. This will be a major problem and I hope to be prepared with some early detection prior to the all-out-assault that might be imminent. The exploit code appears at: http://vdb.dragonsoft.com.tw/exploit/msJPEGParsingVulnHighT1mes.c Regards, CB ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- GDI exploit signatures Baker, Craig (Oct 05)