1347.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:

--
Sid:
1341

--
Summary:
Attempted g++ command access via web

--
Impact:
Attempt to compile a binary on a host.

--
Detailed Information:
This is an attempt to compiile a C or C++ source on a host. The g++
command is the GNUproject's C and C++ compiler used to compile C and
C++ source filesinto executable binary files. The attacker could
possibly compile aprogram needed for other attacks on the system or
install a binaryprogram of his choosing.

--
Attack Scenarios:
The attacker can make a standard HTTP request that contains
'/usr/bin/g++'in theURI.

--
Ease of Attack:
Simple HTTP request.

--
False Positives:
None Known

--
False Negatives:
None Known

--
Corrective Action:

Webservers should not be allowed to view or execute files and binaries
outside of it'sdesignated web root or cgi-bin. This command may also
be requested ona command line should the attacker gain access to the
machine. Wheneverpossible, sensitive files and certain areas of the
filesystem shouldhave the system immutable flag set to prevent files
from being addedto the host. On BSD derived systems, setting the
systems runtimesecurelevel also prevents the securelevel from being
changed. (note: thesecurelevel can only be increased).
--
Contributors:
Sourcefire Research Team

-- 
Additional References:
sid: 1342
sid: 1343
sid: 1344
sid: 1345
sid: 1346
sid: 1347
sid: 1348

--