[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

research at ...435... research at ...435...
Tue Apr 22 17:55:48 EDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of vulnerabilities affecting HP OpenView and Asterisk Open Source applications.

Details:
HP OpenView Network Node Manager Buffer Overflow (CVE-2008-1697):
A programming error in HP OpenView Network Node Manager may allow a remote attacker to cause a stack based buffer overflow. The condition may be exploited via a long URI in an HTTP request that the attacker could use to execute code on an affected system.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with SID 13715.

Asterisk RTP Buffer Overflow Vulnerabilities (CVE-2008-1289):
A programming error in Asterisk Open Source may allow a remote attacker to execute code on an affected system. The problem occurs in the handling of RTP payloads and payload sizes.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with SID 13715.

The Sourcefire VRT has also added multiple rules related to ActiveX controls and the detection of Tor network traffic.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2008-04-22.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)

iD8DBQFIDiiQ8GAEVQeoGrMRAgRoAJ0RZRpZVD8l7iUNg6eWl5EQp5sQGgCfSZPO
wa0uNnjwHSzMprKT/ykTtEg=
=j5uI
-----END PGP SIGNATURE-----





More information about the Snort-sigs mailing list