[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Wed Sep 13 16:48:39 EDT 2006

This message is to announce the availability of an update for the Sourcefire community rule set, which can be downloaded free of cost or registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000892-100000899. These rules cover detection of the Weather Channel Desktop application, which may be policy violations in some environments; a Q.931 buffer overflow attack; and cross-site scripting attacks against the Blojsom Weblog system.

Sourcefire would like to thank Avinash Shenoi of the Cenzic Inc. CIA Research team for submitting SIDs 100000895-100000899. As a reminder, anyone who wishes to submit rules may do so at http://www.snort.org/reg-bin/rulesubmit.cgi.

A list of modified rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000892 || COMMUNITY MISC Q.931 Invalid Call Reference Length Buffer Overflow
100000893 || COMMUNITY POLICY Weather Channel Desktop App Installer
100000894 || COMMUNITY POLICY Weather Channel Desktop App
100000895 || COMMUNITY WEB-MISC Blojsom Weblog blog-category-description xss attempt
100000896 || COMMUNITY WEB-MISC Blojsom Weblog blog-entry-title xss attempt
100000897 || COMMUNITY WEB-MISC Blojsom Weblog rss-enclosure-url xss attempt
100000898 || COMMUNITY WEB-MISC Blojsom Weblog technorati-tags xss attempt
100000899 || COMMUNITY WEB-MISC Blojsom Weblog blog-category-name xss attempt <http://www.snort.org/rules/docs/ruleset_changelogs/community/changes-2006-09-05.html>

More information about the Snort-sigs mailing list