
-

. 33508/4

..
<>

, ...

..
<>

-
2015

,


CVE (Common Vulnerabilities and Exposures),
MITRE. CVE ,
.
http://cve.mitre.org.
CVE
, ,
, ,
,
- .
CVE -

.
,
,
CVE:
Bugtraq (http://www.securityfocus.com/bid)
CIAC (http://www.ciac.org/cgibin/index/bulletins)
Open Source Vulnerability Database (http://osvdb.org)
,

http://www.nessus.org
http://www.mcafee.com/us/threat_center/default.asp
,
,
2

. ()

, .
2

:

( Snort)

( Snort). , 1

3
3.1

1.
1.1. CVE:
- CVE-1999-0264 ( , 20061101)
1.2. Bugtraq ID: 2001 ( 27 1998 .)
1.3. Snort: 1608.
1.4. Nessus: 10106.
1.5. X-Force Database (CVE Compatible): 1466
2. : .
3. htmlscript Miva Corporation,
CGI .

.

(
passwd): http://www.vulnerable.server.com/cgibin/htmlscript?../../../../etc/passwd.
4. .
5. .
6. :

CGI
Miva htmlscript CGI 2.9932
7. ,
, .
8. Snort
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI htmlscript attempt"; flow:to_server,established; uricontent:"/htmlscript?../.."; nocase; reference:bugtraq,2001; reference:cve,CVE-1999-0264; classtype:web-application-attack; sid:1608; rev:3;)

: (alert)
:
IP
: TCP

:
( ):
"/htmlscript?../..";

Snort :
WEB-CGI htmlscript attempt.

9.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0264
http://www.iss.net/security_center/reference/vuln/HTTP_HTMLScript.htm
http://www.scip.ch/en/?vuldb.14066
http://english.securitylab.ru/nvd/246460.php
http://insecure.org/sploits/htmlscript.fileaccess.html
http://xforce.iss.net/CveSearch.do?p=CVE-YEAR-ID
3.2
1

2

1.1. CVE:
- CVE-1999-0517 ( 20150225)
- CVE-2002-0012 ( 20150225)
- CVE-2002-0013 ( 20150225)
1.2. Bugtraq ID: 2112 ( 17 1998 .)
Bugtraq ID: 4088 ( 12 2002 .)
Bugtraq ID: 4089 ( 12 2002 .)
1.3. Snort: 1412.
1.4. US-CERT: VU#107186

VU#854306
1.5. X-Force Database (CVE Compatible):
CVE-1999-0517: 21, 134, 1239, 1240, 1243, 1244
CVE-2002-0012: 8177, 14588
CVE-2002-0013: 8176, 14586
10. : ,
.
11. SNMP.
community-. public,
(CVE-1999-0517).

PROTOS( ) :
trap-(CVE-2002-0012),
,
ASN.1
GetRequest, GetNextRequest, SetRequest(CVE-2002-0013).
12. (CVE-1999-0517).
13. (CVE-2002-0012,
CVE-2002-0013).
14. :
(CVE-1999-0517):
Microsoft Windows NT Workstation
Microsoft Windows NT Terminal Server
Microsoft Windows NT Server
Microsoft Windows NT Enterprise Server
Microsoft Windows NT 4.0
(CVE-2002-0012 CVE-2002-0013):
Sun Solaris
Sun Enterprise
SNMP Research Mid-Level Manager
SGI Brocade 2.6.0
RedBack Networks AOS
Real Networks RealPlayer Intranet
Process Software TCPWare
Process Software Multinet
Oracle Enterprise Manager
Novell Netware
Net-SNMP ucd-snmp
Microsoft Windows XP Professional
Microsoft Windows XP Home


Microsoft Windows NT Workstation
Microsoft Windows NT Terminal Server
Microsoft Windows NT Server
Microsoft Windows NT Enterprise Server
Microsoft Windows 98SE
Microsoft Windows 98
Microsoft Windows 95
Microsoft Windows 2000 Terminal Services
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server
Lotus Domino SNMP Agents
Lantronix LRS
Juniper Networks JUNOS 5.0
Innerdive Solutions Router IP Console
IBM AIX
HP Secure OS software for Linux
HP Procurve Switch
HP OV/SAM 3.0.1
HP OpenView Network Node Manager
HP OpenView Extensible SNMP Agent
HP OpenView Emanate SNMP Agent
HP OpenView Distributed Management
HP MPE/iX
HP MC/ServiceGuard
HP JetDirect
HP HP-UX
Comtek Services NMServer
Computer Associates Unicenter
Caldera UnixWare
AdventNet SNMP Utilities
3Com WebCache
3Com Switch
3Com PS Hub
SNMP: v1, v2c, v3.
15.(CVE-1999-0517)

( ).
(CVE-2002-0012 CVE-2002-0013) DoS ,

.
16. Snort
alert tcp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"SNMP public access tcp"; flow:to_server,established; content:"public"; reference:cve,CAN-1999-0517; reference:cve,CAN-2002-0012; reference:cve,CAN-2002-0013; sid:1412; classtype:attempted-recon; rev:5;)

: (alert)
:
IP ,
( HOME_NET)
: TCP
161
:
: "public"

Snort :
SNMP public access tcp

17.
http://tools.cisco.com/security/center/viewAlert.x?alertId=3293
http://xforce.iss.net/CveSearch.do?p=CVE-YEAR-ID
http://www.ists.dartmouth.edu/library/9.pdf
http://www.iss.net/security_center/reference/vuln/SNMP_Lanman_Enum.htm
http://www.securityfocus.com/bid/4089/info
http://www.securityfocus.com/bid/4088/info
http://www.securityfocus.com/bid/2112/info
https://www.rapid7.com/db/vulnerabilities/SNMP-READ-0001
3.3

Snort

alert tcp any any -> any any (msg:"Error! Program buffer overflow"; content:"|68 63 6d 64|"; content:"|90 90 90|"; nocase; classtype:shellcode-detect; sid:1394; rev:9;)

"|68 63 6d 64|" push cmd


"|90 90 90|" nop,
.
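
How the content options in the rules above decode to bytes and combine, as an added example (not from the original page and not Snort's own code). The function names are hypothetical and every sample payload is constructed.

```python
import re

# Added illustration, not Snort's implementation: decode Snort-style content
# strings (text mixed with |hex| runs) and AND-match them against a payload.
# Function names and all sample payloads below are constructed.
_HEX_RUN = re.compile(r"\|([0-9A-Fa-f\s]*)\|")


def decode_content(pattern: str) -> bytes:
    """Turn a content string such as 'a|0d 0a|b' into the bytes it denotes."""
    if pattern.count("|") % 2:
        raise ValueError("unbalanced | in content pattern")
    out, pos = bytearray(), 0
    for m in _HEX_RUN.finditer(pattern):
        out += pattern[pos:m.start()].encode("latin-1")  # literal text
        out += bytes.fromhex(m.group(1))                  # bytes inside |...|
        pos = m.end()
    out += pattern[pos:].encode("latin-1")
    return bytes(out)


def matches(payload: bytes, contents) -> bool:
    """True only if every (pattern, nocase) entry occurs in the payload."""
    for pattern, nocase in contents:
        needle = decode_content(pattern)
        hay = payload
        if nocase:  # case folding only affects ASCII letters
            needle, hay = needle.lower(), payload.lower()
        if needle not in hay:
            return False
    return True


# The two content options of the rule with sid 1394; nocase follows the second.
RULE_1394 = [("|68 63 6d 64|", False), ("|90 90 90|", True)]
# The single content option of the rule with sid 1412.
RULE_1412 = [("public", False)]

SAMPLES = {
    "sled_and_push": b"\x90" * 8 + b"\x68cmd\x00",
    "push_only": b"GET /searchcmd HTTP/1.0\r\n\r\n",
    "sled_only": b"\x90\x90\x90\x90",
    "text_plus_binary": b"launchcmd=1&blob=" + b"\x90\x90\x90",
}


def evaluate(rule):
    """Map each constructed sample name to whether the rule would fire."""
    return {name: matches(data, rule) for name, data in SAMPLES.items()}
```

The `text_plus_binary` sample fires on sid 1394 although it carries no shellcode: `|68 63 6d 64|` is simply the ASCII text `hcmd`, so a rule scoped `any any -> any any` with these two short patterns will also alert on ordinary traffic that happens to contain both.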