[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Fri Apr 27 15:31:34 EDT 2007

This message is to announce the availability of an update for the Sourcefire community rule set, which can be downloaded free of cost or registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000928-100000934. These rules cover a buffer overflow against the LANDesk Management Suite Alerting Service; an SQL injection attack agains the Xoops portal; and remote file inclusion attacks against the Drake CMS, Softerra Time-Assistant, and Aardvark web applications. Additionally, an update was made to SID 10000129 to make detection more accurate.

Sourcefire would like to thank Jared Braverman for submitting the update to SID 100000129. As a reminder, anyone who wishes to submit rules or updates to existing rules may do so at http://www.snort.org/reg-bin/rulesubmit.cgi.

A list of modified rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000129 || COMMUNITY WEB-MISC Cisco IOS HTTP Router Management Service Infinite Loop DoS
100000928 || COMMUNITY EXPLOIT LANDesk Management Suite Alerting Service buffer overflow 
100000929 || COMMUNITY WEB-PHP Xoops module Articles SQL Injection Exploit 
100000930 || COMMUNITY WEB-PHP Drake CMS 404.php Local File Include Vulnerability 
100000931 || COMMUNITY WEB-PHP Softerra Time-Assistant remote include attempt 
100000932 || COMMUNITY WEB-PHP Softerra Time-Assistant remote include attempt 
100000933 || COMMUNITY WEB-PHP Aardvark button/settings_sql.php File Include Vulnerability 
100000934 || COMMUNITY WEB-PHP Aardvark button/new_day.php File Include Vulnerability 

More information about the Snort-sigs mailing list