[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

research at ...435... research at ...435...
Tue Aug 28 11:44:16 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of vulnerabilities affecting Trend Micro ServerProtect. Additional rules have been added to the spyware-put, backdoor and policy rule groups.

Details:
Trend Micro ServerProtect Buffer Overflows CVE-2007-4218:
Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports.

More information is available from
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4218.

Rules to detect attacks targeting this vulnerability are included in this release and are identified as SIDs 12309 through 12347.

As a result of ongoing research, the Sourcefire VRT has added multiple rules to the spyware-put, backdoor and policy rule groups.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2007-08-28.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)

iD8DBQFG1DFioFlcG+k7cPwRAhcYAJ4nq4eSex2KsXj82gRvz7Pr9f8ERACfWm3B
SxNih2thDrsq+wz+StLW8yQ=
=8AcQ
-----END PGP SIGNATURE-----





More information about the Snort-sigs mailing list