[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Tue Jan 24 07:29:16 EST 2006

This message is to announce the availability of an update for the 
Sourcefire community rule set, which can be downloaded free of cost or 
registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000222-100000225. 
These rules detect a format string attack against the TFTP32 server, a 
buffer overflow attack against Softphone SIP phones, a buffer overflow 
attack against Mozilla based on attachments with overly long filenames, 
and access to a vulnerable parameter of ASPSurvey's Login_Validate.asp 
page. Additionally, this release fixes a pair of incorrect reference 
types, pointed out by Vyacheslav Burdjanadze.

Sourcefire would like to thank rmkml for submitting these rules. As a 
reminder, anyone who wishes to submit rules may do so at 

A list of new rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000222 || COMMUNITY MISC TFTP32 Get Format string attempt
100000223 || COMMUNITY EXPLOIT SIP UDP Softphone overflow attempt
100000224 || COMMUNITY SMTP Mozilla filename overflow attempt
100000225 || COMMUNITY WEB-MISC ASPSurvey Login_Validate.asp Password param access
