[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

research at ...435... research at ...435...
Tue Nov 11 15:03:27 EST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of vulnerabilities affecting Microsoft
systems and Adobe Acrobat Reader.

Details:
Microsoft Security Advisory MS08-068:
A vulnerability in the Microsoft Server Message Block (SMB) protocol
may allow a remote attacker to execute code on an affected system. The
problem lies in the way that the protocol handles NTLM credentials when
users attempt to login to a system.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 3, SID 15009.

Microsoft Security Advisory MS08-069:
Multiple vulnerabilities exist in Microsoft XML Core Services, the most
serious of which may allow a remote attacker to execute code on an
affected system.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 3, SIDs 15012 and 15013.

Adobe Acrobat Reader Buffer Overflow (CVE-2008-2992):
Adobe Acrobat Reader is prone to a buffer overflow vulnerability which
may allow a remote attacker to execute code on an affected system. The
application fails to correctly check user-supplied data before passing
to the util.printf javascript function.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 15014.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2008-11-11.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJGdbf8GAEVQeoGrMRAmalAJ41VuWtmOOZ+F/lBMVa6iAkO9oSygCfYYum
IeJLygJYkapTPKfDpkHMuXg=
=93xP
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list