[Snort-sigs] Snort Community Rules Update

Blake Hartstein bhartstein at ...274...
Thu Jan 12 11:04:01 EST 2006

Using 'snort -c /etc/snort/snort.conf' (snort 2.4.3)

SID: 100000220 causes the following error.

SetUseDoePtr: No pattern match data found
ERROR: XXX.rules => Unable to initialize doe_ptr
Fatal Error, Quitting..

Correct by removing distance:0; which applies to uricontent.


Sourcefire VRT wrote:

> This message is to announce the availability of an update for the 
> Sourcefire community rule set, which can be downloaded free of cost or 
> registration from http://www.snort.org/pub-bin/downloads.cgi.
> New rules in this release are identified as SIDs 100000219-100000221. 
> These rules detect e-mail attachments of type ms-tnef, which may 
> contain malicious anti-Exchange or anti-Outlook code, as well as 
> access to vulnerable parameters PHP-Nuke and AppServ, which may allow 
> arbitrary command execution and arbitrary file access, respectively.
> Sourcefire would like to thank rmkml for submitting these rules. As a 
> reminder, anyone who wishes to submit rules may do so at 
> http://www.snort.org/reg-bin/rulesubmit.cgi.
> A list of new rules and their SIDs follows.
> Alex Kirk
> Community Rules Maintainer
> Sourcefire, Inc.
> 100000219 || COMMUNITY SMTP MIME-Type ms-tnef access
> 100000220 || COMMUNITY WEB-PHP PHP-Nuke admin_styles.php 
> phpbb_root_path access
> 100000221 || COMMUNITY WEB-PHP AppServ main.php appserv_root param access
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log 
> files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs

This email and any files transmitted with it are solely intended for the use of the addressee(s) and may contain information that is confidential and privileged.  If you receive this email in error, please advise us by return email immediately. Please also disregard the contents of the email, delete it and destroy any copies immediately.  Demarc Security, Inc. does not accept liability for the views expressed in the email or for the consequences of any computer viruses that may be transmitted with this email.

This email is also subject to copyright. No part of it should be reproduced, adapted or transmitted without the written consent of the copyright owner.

More information about the Snort-sigs mailing list