[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Tue Dec 27 10:42:01 EST 2005


This message is to announce the availability of an update for the 
Sourcefire community rule set, which can be downloaded free of cost or 
registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000215-100000218. 
These rules detect a denial of service attack against the Trend Micro 
ServerProtect EarthAgent, access to a vulnerable DLL in the Trend Micro 
ServerProtect Management Console, SQL injection attacks against the 
MailGust system, and command injection attempts against the man2web 
program. Additionally, several reference updates and corrections have 
been made.

Sourcefire would like to thank rmkml for submitting the new rules, and 
Stefan Bauer for submitting the reference updates. As a reminder, anyone 
who wishes to submit rules may do so at 
http://www.snort.org/reg-bin/rulesubmit.cgi.

A list of new rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000215 || COMMUNITY DOS Trend Micro ServerProtect EarthAgent attempt
100000216 || COMMUNITY WEB-MISC Trend Micro ServerProtect 
isaNVWRequest.dll access
100000217 || COMMUNITY WEB-MISC man2web cmd exec attempt
100000218 || COMMUNITY WEB-PHP MailGust SQL Injection email attempt





More information about the Snort-sigs mailing list