[Snort-sigs] Sourcefire VRT Certified Rules Update

Sourcefire VRT research at ...435...
Thu Feb 1 20:08:06 EST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire Vulnerability Research Team (VRT) is aware of
vulnerabilities affecting BrightStor ARCserve Backup and has added a
number of rules to the specific-threats and backdoor categories.


Details:
BrightStor ARCserve CVE-2007-0169:
Computer Associates BrightStor ARCserve Backup Suite is vulnerable to
multiple remote buffer-overflow attacks due to poor checking of
user-supplied data to the application.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified as SIDs 10117 through 10122.

Specific Threats Update:
Multiple rules have been added in the specific-threats category to
provide further coverage for the Peacomm trojan and problems relating
to weak authentication with some Voice over IP (VoIP) telephones.

Rules to detect activity from the Peacomm trojan are included in this
release and are identified as SIDs 10113 and 10114.

Rules to detect attempts to exploit VoIP telephones are included in
this release and are identified as SIDs 10123 and 10124.


For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2007-02-01.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFwo72Mpm0ve0NhMcRAvHsAKCnxpjBfWNM7BHnGzS5FSpUSZ1VygCfVwoV
ES+E/XahidJjTYTmhR+V59g=
=nyVQ
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list