2246.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:  

--
Sid:
2246

--
Summary:
This event is generated when an attempt is made to access Webadmin from 
a source external to the protected network.

--
Impact:
Information disclosure.

--
Detailed Information:
WebAdmin is a web application that allows remote administration of 
MDaemon and RelayFax. A vulnerability exists such that the URI used by 
WebAdmin discloses the installation location of MDaemon and RelayFax. A 
URI can also be crafted by an attacker that would allow the reading of 
any file on the system. This information might then be used in further 
attacks against the host.

--
Affected Systems:
	WebAdmin prior to 2.0.3

--
Attack Scenarios:
The attacker needs to login to the server as an administrator then use 
WebAdmin.

--
Ease of Attack:
Simple. No exploit software required.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to the latest non-affected version of the software.

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

Bugtraq archive:
http://www.securityfocus.com/archive/1/319735

--