[Snort-sigs] Snort Community Rules Update
research at ...435...
Fri Apr 27 15:31:34 EDT 2007
This message is to announce the availability of an update for the Sourcefire community rule set, which can be downloaded free of cost or registration from http://www.snort.org/pub-bin/downloads.cgi.
New rules in this release are identified as SIDs 100000928-100000934. These rules cover a buffer overflow against the LANDesk Management Suite Alerting Service; an SQL injection attack agains the Xoops portal; and remote file inclusion attacks against the Drake CMS, Softerra Time-Assistant, and Aardvark web applications. Additionally, an update was made to SID 10000129 to make detection more accurate.
Sourcefire would like to thank Jared Braverman for submitting the update to SID 100000129. As a reminder, anyone who wishes to submit rules or updates to existing rules may do so at http://www.snort.org/reg-bin/rulesubmit.cgi.
A list of modified rules and their SIDs follows.
Community Rules Maintainer
100000129 || COMMUNITY WEB-MISC Cisco IOS HTTP Router Management Service Infinite Loop DoS
100000928 || COMMUNITY EXPLOIT LANDesk Management Suite Alerting Service buffer overflow
100000929 || COMMUNITY WEB-PHP Xoops module Articles SQL Injection Exploit
100000930 || COMMUNITY WEB-PHP Drake CMS 404.php Local File Include Vulnerability
100000931 || COMMUNITY WEB-PHP Softerra Time-Assistant remote include attempt
100000932 || COMMUNITY WEB-PHP Softerra Time-Assistant remote include attempt
100000933 || COMMUNITY WEB-PHP Aardvark button/settings_sql.php File Include Vulnerability
100000934 || COMMUNITY WEB-PHP Aardvark button/new_day.php File Include Vulnerability
More information about the Snort-sigs