[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Thu Jan 12 10:33:01 EST 2006


This message is to announce the availability of an update for the 
Sourcefire community rule set, which can be downloaded free of cost or 
registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000219-100000221. 
These rules detect e-mail attachments of type ms-tnef, which may contain 
malicious anti-Exchange or anti-Outlook code, as well as access to 
vulnerable parameters PHP-Nuke and AppServ, which may allow arbitrary 
command execution and arbitrary file access, respectively.

Sourcefire would like to thank rmkml for submitting these rules. As a 
reminder, anyone who wishes to submit rules may do so at 
http://www.snort.org/reg-bin/rulesubmit.cgi.

A list of new rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000219 || COMMUNITY SMTP MIME-Type ms-tnef access
100000220 || COMMUNITY WEB-PHP PHP-Nuke admin_styles.php phpbb_root_path 
access
100000221 || COMMUNITY WEB-PHP AppServ main.php appserv_root param access





More information about the Snort-sigs mailing list