[Snort-sigs] Snort Community Rules Update
research at ...435...
Tue Jan 24 07:29:16 EST 2006
This message is to announce the availability of an update for the
Sourcefire community rule set, which can be downloaded free of cost or
registration from http://www.snort.org/pub-bin/downloads.cgi.
New rules in this release are identified as SIDs 100000222-100000225.
These rules detect a format string attack against the TFTP32 server, a
buffer overflow attack against Softphone SIP phones, a buffer overflow
attack against Mozilla based on attachments with overly long filenames,
and access to a vulnerable parameter of ASPSurvey's Login_Validate.asp
page. Additionally, this release fixes a pair of incorrect reference
types, pointed out by Vyacheslav Burdjanadze.
Sourcefire would like to thank rmkml for submitting these rules. As a
reminder, anyone who wishes to submit rules may do so at
A list of new rules and their SIDs follows.
Community Rules Maintainer
100000222 || COMMUNITY MISC TFTP32 Get Format string attempt
100000223 || COMMUNITY EXPLOIT SIP UDP Softphone overflow attempt
100000224 || COMMUNITY SMTP Mozilla filename overflow attempt
100000225 || COMMUNITY WEB-MISC ASPSurvey Login_Validate.asp Password
More information about the Snort-sigs