[Snort-sigs] Sourcefire VRT Certified Rules Update
research at ...435...
Mon May 14 15:55:14 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Sourcefire VRT Certified Rules Update
The Sourcefire VRT is aware of a vulnerability affecting an ActiveX
control used by Symantec Norton AntiVirus products.
In conjunction with this release the Snort Team has released a new
version of Snort (126.96.36.199) that contains additional http_inspect
* A new http_post rule keyword used to search for content in
normalized HTTP posts
* A fix for a potential memory leak when generating HTTP Inspection
NOTE: In the default configuration, the http_inspect preprocessor will
generate informational events on normalized HTTP POST data. To disable
these events, refer to the Snort Manual.
Symantec Norton AntiVirus ActiveX Control (CVE-2006-3456):
An ActiveX control used by Symantec Norton AntiVirus products contains
a vulnerability that may allow an attacker to execute code on an
Rules to detect attacks targeting this vulnerability are included in
this release and are identified as SIDs 11268 through 11271.
For a complete list of new and modified rules please see:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Snort-sigs