[Snort-sigs] Sourcefire VRT Certified Rules Update

Sourcefire VRT research at ...435...
Tue Apr 17 17:59:48 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire VRT is aware of vulnerabilities affecting hosts using
the Microsoft DNS Server Service. This release enhances the detection
capabilities for this vulnerability.


Details:
Microsoft Security Advisory (935964):
Microsoft DNS Server Service is prone to a vulnerability that may allow
a remote attacker to execute code on an affected system. This issue is
present in the RPC interface of servers using Microsoft's
implementation of DNS.

In order to detect attacks targeting this vulnerability, the DCE/RPC
preprocessor must be configured to use 'autodetect'. This is the
default behavior for the preprocessor.

The Sourcefire VRT has continued research into this issue. As a result,
this release provides improved detection for attacks targeting this
vulnerability.


For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2007-04-17.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGJUNToFlcG+k7cPwRAvaJAKCIuxuv0rv1oC2oeaMvFkkZe2d7VgCeJ4j6
PQSOzRA9Bp8Bivt/gxxIuhM=
=Mzzu
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list