[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

research at ...435... research at ...435...
Tue Nov 4 17:26:18 EST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of vulnerabilities affecting Novell
eDirectory, IBM DB2 and Openwsman.

Details:
Novell eDirectory Buffer Overflow (CVE-2008-4479):
Novell eDirectory contains a programming error that may allow a remote
attacker to execute code on a vulnerable system. The vulnerability is
exposed when the application attempts to parse a SOAP request with a
long header field.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 14989 and 14990.

IBM DB2 Buffer Overflow (CVE-2008-3854):
IBM DB2 is prone to multiple stack buffer overflows which may allow a
remote attacker to cause a Denial of Service (DoS) via the use of
excess data in multiple statements.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 14991.

Openwsman Buffer Overflow (CVE-2008-2234):
Openwsman contains programming errors that may allow a remote attacker
to execute code on an affected system. The vulnerability may be
exploited via a specially crafted HTTP header.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 14992.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2008-11-04.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJEL+O8GAEVQeoGrMRAtL2AKDE/aHlV6aB+ygY52nH9ZpVJSghvACeJEkD
k8ginsk1huNUJaku6lCrBis=
=HQlA
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list