• info
• discussion
• exploit
• solution
• references

Multiple IDS Vendor Encoded IIS Attack Detection Evasion Vulnerability

Solution:
Snort 1.8.1 has fixed this vulnerability.

ISS has released a fixed upgrade for the Windows RealSecure Server Sensor 6.0 and a patch for version 5.5. Administrators are advised to upgrade to version 6.0.1. ISS has also released a hotfix for RealSecure Network Sensor versions 5.x to 6.0.

Users of Dragon IDS are advised to upgrade to version 5.0, which is not vulnerable.

Cisco has released a fix for Secure IDS.


Snort Project Snort 1.5

• Martin Roesch snort-1.8.1-RELEASE.tar.gz
  http://www.snort.org/releases/snort-1.8.1-RELEASE.tar.gz

Snort Project Snort 1.5.1

• Martin Roesch snort-1.8.1-RELEASE.tar.gz
  http://www.snort.org/releases/snort-1.8.1-RELEASE.tar.gz

Snort Project Snort 1.5.2

• Martin Roesch snort-1.8.1-RELEASE.tar.gz
  http://www.snort.org/releases/snort-1.8.1-RELEASE.tar.gz

Snort Project Snort 1.6

• Martin Roesch snort-1.8.1-RELEASE.tar.gz
  http://www.snort.org/releases/snort-1.8.1-RELEASE.tar.gz

Snort Project Snort 1.6.1

• Martin Roesch snort-1.8.1-RELEASE.tar.gz
  http://www.snort.org/releases/snort-1.8.1-RELEASE.tar.gz

Snort Project Snort 1.6.2

• Martin Roesch snort-1.8.1-RELEASE.tar.gz
  http://www.snort.org/releases/snort-1.8.1-RELEASE.tar.gz

Snort Project Snort 1.6.3

• Martin Roesch snort-1.8.1-RELEASE.tar.gz
  http://www.snort.org/releases/snort-1.8.1-RELEASE.tar.gz

Snort Project Snort 1.7

• Martin Roesch snort-1.8.1-RELEASE.tar.gz
  http://www.snort.org/releases/snort-1.8.1-RELEASE.tar.gz

Snort Project Snort 1.8

• Martin Roesch snort-1.8.1-RELEASE.tar.gz
  http://www.snort.org/releases/snort-1.8.1-RELEASE.tar.gz

Cisco Secure IDS Host Sensor 2.0

• Cisco Secure IDS Host Sensor 3.0(2)S6
  ftp://ftp-eng.cisco.com/csids-sig-updates/ServicePacks/IDSk9-sp-3.0-1. 43-S6-0.43-.bin

Cisco Secure IDS Network Sensor 3.0

• Cisco Secure IDS Host Sensor 3.0(2)S6
  ftp://ftp-eng.cisco.com/csids-sig-updates/ServicePacks/IDSk9-sp-3.0-1. 43-S6-0.43-.bin

Enterasys Dragon IDS 4.0

• Enterasys Dragon IDS 5.0
  http://dragon.enterasys.com

Internet Security Systems RealSecure Network Sensor 5.0

• Internet Security Systems XPU 3.2
  http://www.iss.net/db_data/xpu/RSNS 3.2.php

Internet Security Systems RealSecure Server Sensor 5.0 Win

• Internet Security Systems RealSecure Server Sensor 6.0.1 Win
  

Internet Security Systems RealSecure Server Sensor 5.5 Win

• Internet Security Systems RealSecure Server Sensor Patch
  http://www.iss.net/eval/eval.php


• Internet Security Systems RealSecure Server Sensor 6.0.1 Win
  

Internet Security Systems RealSecure Network Sensor 5.5

• Internet Security Systems XPU 3.2
  http://www.iss.net/db_data/xpu/RSNS 3.2.php

Internet Security Systems RealSecure Network Sensor 5.5.1

• Internet Security Systems XPU 3.2
  http://www.iss.net/db_data/xpu/RSNS 3.2.php

Internet Security Systems RealSecure Server Sensor 5.5.1 Win

• Internet Security Systems RealSecure Server Sensor Patch
  http://www.iss.net/eval/eval.php


• Internet Security Systems RealSecure Server Sensor 6.0.1 Win
  

Internet Security Systems RealSecure Network Sensor 5.5.2

• Internet Security Systems XPU 3.2
  http://www.iss.net/db_data/xpu/RSNS 3.2.php

Internet Security Systems RealSecure Server Sensor 5.5.2 Win

• Internet Security Systems RealSecure Server Sensor 6.0.1 Win
  

Internet Security Systems RealSecure Server Sensor 6.0 Win

• Internet Security Systems RealSecure Server Sensor 6.0.1 Win
  

Internet Security Systems RealSecure Network Sensor 6.0

• Internet Security Systems XPU 3.2
  http://www.iss.net/db_data/xpu/RSNS 3.2.php