[Snort-sigs] Sourcefire VRT Certified Rules Update
research at ...435...
Mon Jan 22 16:25:38 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Sourcefire VRT Certified Rules Update
The Sourcefire Vulnerability Research Team (VRT) is aware of
vulnerabilities affecting BrightStor ARCserve Backup and has added
rules to the specific-threats category.
BrightStor ARCserve CVE-2007-0169:
Computer Associates BrightStor ARCserve backup suite is vulnerable to
multiple remote buffer overflow attacks due to poor checking of
user-supplied data to the application.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified as SIDs 10018 through 10061.
Specific Threats Update:
Multiple rules have been added in the specific-threats category to
provide coverage for the the Peacomm trojan currently circulating via
email. This trojan is known to communicate with other peers via UDP in
order to create a botnet.
Rules to detect activity from this trojan are included in this release
and are identified as SIDs 10065 through 10083.
For a complete list of new and modified rules please see:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Snort-sigs