Snort mailing list archives
Re: [Emerging-Sigs] Netgear Arbitrary Command Execution sig
From: James Lay <jlay () slave-tothe-box net>
Date: Mon, 12 Dec 2016 14:38:57 -0700
Thanks Travis. James On 2016-12-12 14:36, Travis Green wrote:
James, we have a sig for this in ET OPEN that will go out today. Thanks for the submission! -Travis On Mon, Dec 12, 2016 at 2:31 PM, James Lay <jlay () slave-tothe-box net> wrote:I can't imagine anyone running a port 80 Netgear on the WAN side, but eh...stranger things have happened: alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Netgear Arbitrary Command Execution Attempt"; flow:established,to_server; content:"GET"; http_method; nocase; content:"/cgi-bin/|3B|"; http_uri; nocase; reference:url,http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers[1]; reference:cve,2016-582384 [2]; classtype:attempted-dos; sid:xxxxxxx; rev:1;) James _______________________________________________ Emerging-sigs mailing list Emerging-sigs () lists emergingthreats net https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs [3] Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreats.net-- PGP: 0xBED7B297 [4] Links: ------ [1] http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers [2] tel:2016-582384 [3] https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs [4] https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Current thread:
- Netgear Arbitrary Command Execution sig James Lay (Dec 12)
- Re: Netgear Arbitrary Command Execution sig Joshua Williams (Dec 12)
- Message not available
- Re: [Emerging-Sigs] Netgear Arbitrary Command Execution sig James Lay (Dec 12)