[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

research at ...435... research at ...435...
Tue Nov 18 16:00:46 EST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of a vulnerability affecting the HP
OpenView Network Node Manager. This release also introduces two new
rule groups.

Details:
This releases introduces scada.rules and web-activex.rules as new rule
groups.

SCADA Rules:
This group contains rules that pertain to the Supervisory Control and
Data Acquisition (SCADA) protocol used for computer controlled system
monitoring and process control.

Web-ActiveX Rules:
This group contains rule that were formerly in the web-client.rules
group. It has been created to better manage the large number of ActiveX
rules now in the VRT certified rule set.

HP OpenView Network Node Manager Buffer Overflow (CVE-2008-1852):
HP OpenView Network Node Manager is prone to a buffer overflow
vulnerability which may allow a remote attacker to execute code on an
affected system. The application fails to correctly check the number of
user-supplied sub-arguments in a request which then triggers a memory
allocation failure.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 15078.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2008-11-18.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJIxos8GAEVQeoGrMRAryxAKCabBDHjyFprXCEFvUmnCuPvHRIUgCgpbr0
K9IKiIxMGvfqC35WECLVeMs=
=duHA
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list