[Snort-sigs] Sourcefire VRT Certified Rules Update

Sourcefire VRT research at ...435...
Mon May 14 15:55:14 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire VRT is aware of a vulnerability affecting an ActiveX
control used by Symantec Norton AntiVirus products.

In conjunction with this release the Snort Team has released a new
version of Snort (2.6.1.5) that contains additional http_inspect
functionality.

Details:

 * A new http_post rule keyword used to search for content in
normalized HTTP posts
 * A fix for a potential memory leak when generating HTTP Inspection
events

NOTE: In the default configuration, the http_inspect preprocessor will
generate informational events on normalized HTTP POST data. To disable
these events, refer to the Snort Manual.

Symantec Norton AntiVirus ActiveX Control (CVE-2006-3456):
An ActiveX control used by Symantec Norton AntiVirus products contains
a vulnerability that may allow an attacker to execute code on an
affected host.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified as SIDs 11268 through 11271.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2007-05-14.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGSL6ioFlcG+k7cPwRAlSqAJ4mOV5X7EiUU9+9tFX4irEOgbWO2wCfUHGR
QQ+hKsABPGliK5xXrtnG5wQ=
=z8CE
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list