[Snort-sigs] Sourcefire VRT Certified Rules Update

Sourcefire VRT research at ...435...
Tue Apr 10 23:20:32 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire VRT is aware of vulnerabilities affecting hosts using
Microsoft UPnP service and the Microsoft Agent.


Details:
Microsoft Security Bulletin (MS07-019):
Microsoft Universal Plug and Play does not correctly handle malformed
HTTP requests. This may allow an attacker to overflow a buffer and
execute code on a vulnerable host.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified as SID 10475

Microsoft Security Bulletin (MS07-020):
Microsoft Agent does not correctly handle malformed URLs. This may
allow an attacker to cause a buffer overflow condition to occur and
subsequently, execute code on an affected system.

Previously released rules will generate events when attempts are made
to exploit this condition. These rules are identified as SIDs 4172 and
8846 through 8856. In addition, new rules are included in this release
to detect attacks targeting this vulnerability and are identified as
SIDs 10465 and 10474.


For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2007-04-10.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGHFQAoFlcG+k7cPwRApGhAJ0bWH8WQE+HYXgbhLVX9z3qT3pRmgCgzxyt
qGxcW996C8C8SX4GM3haOOk=
=qjXo
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list