[Snort-sigs] Sourcefire VRT Certified Rules Updates

Sourcefire VRT research at ...435...
Thu Nov 16 17:25:37 EST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire VRT is aware of multiple vulnerabilities affecting
systems using the Microsoft Windows Operating System some of which
could allow an attacker to execute code or cause a Denial of Service
(DoS) on an affected system.


Details:
Microsoft Security Bulletin MS06-066:
Multiple vulnerabilities exist in the way that Microsoft Client Service
for Netware handles network communications. It may be possible for a
remote attacker to execute code of their choosing on an affected
system.  It is also possible for an attacker to cause a Denial of
Service (DoS) condition for the service.

The attacker does not need prior authentication for exploitation to
take place on some operating systems.

Rules to detect attacks targeting this vulnerability are included in
this rule pack and are identified as sids 9132 through 9323.

WinZip ActiveX Control CVE-2006-5198:
It may be possible for a remote attacker to use the WinZip ActiveX
control to execute code of their choosing on a vulnerable system.

Rules to detect attacks targeting this vulnerability are included in
this rule pack and are identified as sids 9129 through 9131.



For a complete list of new and modified rules please see:

http://www.snort.org/rules/docs/ruleset_changelogs/changes2006-11-16.ht
ml
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFFXOVhMpm0ve0NhMcRAlDjAJ0c9Z68R0k+t7dJZY9dXsCIpYBfKwCdH+Le
ZRCIT1cp8/K+1MhDaXb5S7Y=
=jshg
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list