#alert tcp $EXTERNAL_NET any -> $HOME_NET 7700 (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; pcre:"/[0-9a-zA-Z]{10}/R"; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; classtype:misc-attack; sid:2007933; rev:8;)

Added 2012-08-31 21:47:21 UTC


#alert tcp $EXTERNAL_NET any -> $HOME_NET 7700 (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; pcre:"/[0-9a-zA-Z]{10}/R"; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; classtype:misc-attack; sid:2007933; rev:8;)

Added 2012-08-31 18:30:04 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 7700 (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; fast_pattern:only; pcre:"/[0-9a-zA-Z]{10,}/R"; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; classtype:misc-attack; sid:2007933; rev:8;)

Added 2011-10-12 19:24:07 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 7700 (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; fast_pattern:only; pcre:"/[0-9a-zA-Z]{10,}/R"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; sid:2007933; rev:8;)

Added 2011-09-14 22:37:35 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 7700 (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; fast_pattern:only; pcre:"/[0-9a-zA-Z]{10,}/R"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Zilab; sid:2007933; rev:8;)

Added 2011-02-04 17:27:01 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; pcre:"/[0-9a-zA-Z]{10,}/R"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Zilab; sid:2007933; rev:4;)

Added 2010-02-12 13:31:56 UTC

False positive on a jpg image from www.soft-files.com (74.63.193.226)

000 : 48 54 54 50 2F 31 2E 31 20 32 30 30 20 4F 4B 0D HTTP/1.1 200 OK. ... 0f0 : 37 30 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 70..Connection: 100 : 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 43 6F 6E 74 Keep-Alive..Cont 110 : 65 6E 74 2D 54 79 70 65 3A 20 69 6D 61 67 65 2F ent-Type: image/ 120 : 6A 70 65 67 0D 0A 0D 0A FF D8 FF E0 00 10 4A 46 jpeg..........JF 130 : 49 46 00 01 01 01 00 60 00 60 00 00 FF DB 00 43 IF.....`.`.....C 140 : 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0A 0C ................ 150 : 14 0D 0C 0B 0B 0C 19 12 13 0F 14 1D 1A 1F 1E 1D ................ 160 : 1A 1C 1C 20 24 2E 27 20 22 2C 23 1C 1C 28 37 29 ... $.' ",#..(7) 170 : 2C 30 31 34 34 34 1F 27 39 3D 38 32 3C 2E 33 34 ,01444.'9=82<.34 180 : 32 FF DB 00 43 01 09 09 09 0C 0B 0C 18 0D 0D 18 2...C........... 190 : 32 21 1C 21 32 32 32 32 32 32 32 32 32 32 32 32 2!.!222222222222 1a0 : 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 2222222222222222 1b0 : 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 2222222222222222 1c0 : 32 32 32 32 32 32 FF C0 00 11 08 00 [21 00 21 03] 222222......!.!.

IanR

-- IanR - 02 Sep 2010


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; pcre:"/[0-9a-zA-Z]{10,}/R"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Zilab; sid:2007933; rev:4;)

Added 2010-02-12 13:31:56 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; distance:0; pcre:"/[0-9a-zA-Z]{10,}/"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Zilab; sid:2007933; rev:3;)

Added 2009-02-07 22:00:26 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; distance:0; pcre:"/[0-9a-zA-Z]{10,}/"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; reference:url,doc.emergingthreats.net/bin/view/Main/2007933; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Zilab; sid:2007933; rev:3;)

Added 2009-02-07 22:00:26 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; distance:0; pcre:"/[0-9a-zA-Z]{10,}/"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; sid:2007933; rev:2;)

Added 2008-05-18 19:52:13 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; flow:established; content:"|21 00 21 03|"; distance:0; pcre:"/[0-9a-zA-Z]{10,}/"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; sid:2007933; rev:2;)

Added 2008-05-18 19:52:13 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability"; content:"|21 00 21 03|"; distance:0; pcre:"/[0-9a-zA-Z]{10,}/"; classtype:misc-attack; reference:url,aluigi.altervista.org/adv/zilabzcsx-adv.txt; reference:bugtraq,27940; sid:2007933; rev:1;)

Added 2008-03-07 15:22:46 UTC


Topic revision: r2 - 2010-09-02 - IanR
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats