[Snort-sigs] Sourcefire VRT Certified Rules Update

Sourcefire VRT research at ...435...
Thu May 24 17:00:27 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Rules Update

Synopsis:
The Sourcefire VRT is aware of a vulnerability affecting Apple OS X
systems which may allow a remote attacker to execute code on an
affected system.

Details:
Apple OS X mDNSResponder Buffer Overflow (CVE-2007-2386):
In the default configuration, Apple OS X has mDNSResponder installed
and listening on an ephemeral port. This service suffers from a buffer
overflow condition that is manifest when excess data in the Location
header is sent in a connection.

An existing rule has been modified to detect attacks targeting this
vulnerability and is included in this release. It is identified as SID
1388.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2007-05-24.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGVfzroFlcG+k7cPwRAuhSAJ91fERu//12MstTKXYuc907YZdyVwCeLMoO
5L4KBb6VcrZRnmM2hgkIMl8=
=Oay3
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list