[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

research at ...435... research at ...435...
Tue Sep 25 16:29:28 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of vulnerabilities affecting Firefox, ClamAV and the Apache HTTP Server.

Details:
Firefox QuickTime Argument Injection (CVE-2007-5045):
A remote attacker may be able to execute commands via a QuickTime Media Link (QTL) file on systems using Firefox prior to version 2.0.7.

A rule to detect attacks targeting this vulnerability is included in this release and is identified as SID 12593.

ClamAV Command Execution (CVE-2007-4560):
The clamav-milter used in ClamAV prior to version 0.91.2 when run in black hole mode, may allow a remote attacker to execute commands via shell meta-characters.

A rule to detect attacks targeting this vulnerability is included in this release and is identified as SID 12592.

Apache HTTP Server Denial of Service (CVE-2007-1863):
The Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, is vulnerable to a Denial of Service (DoS) condition via a request using certain Cache-Control headers.

A rule to detect attacks targeting this vulnerability is included in this release and is identified as SID 12591.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2007-09-25.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)

iD8DBQFG+VTZoFlcG+k7cPwRAgZdAJ9IhZBIWhgd1E3JDZe/qH663zbAOgCfTZBJ
Q/OKcmW8SR3mPCL/8pFPStg=
=q2ts
-----END PGP SIGNATURE-----





More information about the Snort-sigs mailing list