[Snort-sigs] Snort Community Rules Update
research at ...435...
Thu Jan 12 10:33:01 EST 2006
This message is to announce the availability of an update for the
Sourcefire community rule set, which can be downloaded free of cost or
registration from http://www.snort.org/pub-bin/downloads.cgi.
New rules in this release are identified as SIDs 100000219-100000221.
These rules detect e-mail attachments of type ms-tnef, which may contain
malicious anti-Exchange or anti-Outlook code, as well as access to
vulnerable parameters PHP-Nuke and AppServ, which may allow arbitrary
command execution and arbitrary file access, respectively.
Sourcefire would like to thank rmkml for submitting these rules. As a
reminder, anyone who wishes to submit rules may do so at
A list of new rules and their SIDs follows.
Community Rules Maintainer
100000219 || COMMUNITY SMTP MIME-Type ms-tnef access
100000220 || COMMUNITY WEB-PHP PHP-Nuke admin_styles.php phpbb_root_path
100000221 || COMMUNITY WEB-PHP AppServ main.php appserv_root param access
More information about the Snort-sigs