[Snort-sigs] Sourcefire VRT Certified Rules Update

Sourcefire VRT research at ...435...
Mon Jan 22 16:25:38 EST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire Vulnerability Research Team (VRT) is aware of
vulnerabilities affecting BrightStor ARCserve Backup and has added
rules to the specific-threats category.


Details:
BrightStor ARCserve CVE-2007-0169:
Computer Associates BrightStor ARCserve backup suite is vulnerable to
multiple remote buffer overflow attacks due to poor checking of
user-supplied data to the application.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified as SIDs 10018 through 10061.

Specific Threats Update:
Multiple rules have been added in the specific-threats category to
provide coverage for the the Peacomm trojan currently circulating via
email. This trojan is known to communicate with other peers via UDP in
order to create a botnet.

Rules to detect activity from this trojan are included in this release
and are identified as SIDs 10065 through 10083.


For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2007-01-22.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFtSvRMpm0ve0NhMcRAmRnAKCfp64XF3GOYPklJdqU9qw7iY+5uACdGH4I
zUsT5sNk37bqFG/Nu4x3tUU=
=aFta
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list