[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

research at ...435... research at ...435...
Tue Jun 19 16:45:45 EDT 2007


Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT has added rules to the Backdoor and Spyware-put
categories and has also improved detection functionality for the Samba
call_trans2open buffer overflow vulnerability.

Details:
As a result of ongoing research, the Sourcefire VRT has added rules to
the Backdoor and Spyware-put categories.

Samba call_trans2open Buffer Overflow (CVE-2003-0201):
The Sourcefire VRT has improved detection functionality for the Samba
call_trans2open buffer overflow vulnerability.

The Samba network file server suffers from a programming error that may
allow an attacker to execute code on a vulnerable host via a long
pathname argument in a trans2open request.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified as SIDs 11955 through 11964.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2007-06-19.html


-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT has added rules to the Backdoor and Spyware-put categories and has also improved detection functionality for the Samba call_trans2open buffer overflow vulnerability.

Details:
As a result of ongoing research, the Sourcefire VRT has added rules to the Backdoor and Spyware-put categories. 

Samba call_trans2open Buffer Overflow (CVE-2003-0201):
The Sourcefire VRT has improved detection functionality for the Samba call_trans2open buffer overflow vulnerability.

The Samba network file server suffers from a programming error that may allow an attacker to execute code on a vulnerable host via a long pathname argument in a trans2open request.

Rules to detect attacks targeting this vulnerability are included in this release and are identified as SIDs 11955 through 11964.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2007-06-19.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)

iD8DBQFGeCU/oFlcG+k7cPwRAn5fAJ96syOAUiouWAb1zFMaMl8Q3kDPFgCgu8cR
a1jikRFB6o+0pt0uTUC0/9M=
=8OW0
-----END PGP SIGNATURE-----


More information about the Snort-sigs mailing list