[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2009-12-08

Matt Olney molney at ...435...
Tue Dec 8 15:22:02 EST 2009


We're working with IT on this...I'll throw a personal beat down over the
wall and see if I can get this addressed.  I know you guys have scripted a
ton of automation out there, and the website impacts that when it changes or
fails.

Off to see what can be done,

Matt

On Tue, Dec 8, 2009 at 3:15 PM, evilghost at ...3397... <
evilghost at ...3397...> wrote:

> Hello.  The change log is 404, again.  I depend on the Change Log.  I
> cried, but just once this time since
>
> http://www.snort.org/vrt/docs/ruleset_changelogs/CURRENT/changes-2009-12-08.html
> seems to work.
>
>
> http://www.snort.org/vrt/docs/ruleset_changelogs/2_8/changes-2009-12-08.html
> is 404.
>
> Cheers,
> evilghost
>
> Research wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > From: VRT Advisory Builder <vrtbuild at ...435...>
> > To: Matt Watchinski <mwatchinski at ...435...>, Lurene Grenier <
> lgrenier at ...435...>, Marketing <steve.kane at ...435...>, Clint
> Brown <cbrown at ...435...>
> > Cc: Nigel Houghton <nigel at ...435...>, Dave Parrish <
> dparrish at ...435...>, John Leone <jleone at ...435...>
> > Reply-To: Nigel Houghton <nigel at ...435...>
> > X-Mailer: VRT Rule Pack Auto Mailer 2.0
> > Subject: Sourcefire VRT Certified Snort Rules Update 2009-12-08 FINAL
> >
> > Sourcefire VRT Certified Snort Rules Update
> >
> > Synopsis:
> > The Sourcefire VRT is aware of multiple vulnerabilities affecting
> > Microsoft products.
> >
> > Details:
> > Microsoft Security Advisory MS09-070:
> > A vulnerability in Microsoft Active Directory may allow a remote
> > attacker to execute code on an affected system.
> >
> > A rule to detect attacks targeting this vulnerability is included in
> > this release and is identified with GID 3, SID 16312.
> >
> > Microsoft Security Advisory MS09-071:
> > A vulnerability in the Microsoft Challenge Handshake Authentication
> > Protocol (MS-CHAPv2) may allow a remote attacker to escalate privileges
> > on an affected system. This does not require authentication to exploit.
> >
> > A rule to detect attacks targeting this vulnerability is included in
> > this release and is identified with GID 3, SID 16329.
> >
> > Microsoft Security Advisory MS09-072:
> > Microsoft Internet Explorer contains several vulnerabilities that may
> > allow a remote attacker to execute code on a vulnerable system.
> >
> > Rules to detect attacks targeting these vulnerabilities are included in
> > this release and are identified with GID 3, SIDs 16317, 16326 and
> > 16330.
> >
> > Additionally, previously released rules that will also detect attacks
> > targeting these vulnerabilities are identified with GID 1, SIDs 15638,
> > 15639, 16159 through 16166, 16310 and 16311.
> >
> > Microsoft Security Advisory MS09-073:
> > The Microsoft Word converter fails to correctly validate user-supplied
> > input. As a result, an attacker may leverage this error to execute code
> > on an affected system.
> >
> > A rule to detect attacks targeting this vulnerability is included in
> > this release and is identified with GID 3, SID 16314.
> >
> > Microsoft Security Advisory MS09-074:
> > Microsoft Project contains a programming error that may allow a remote
> > attacker to execute code on an affected system via the use of a
> > specially crafted file.
> >
> > A rule to detect attacks targeting this vulnerability is included in
> > this release and is identified with GID 1, SID 16328.
> >
> > For a complete list of new and modified rules please see:
> >
> > http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-12-08.html
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.6 (GNU/Linux)
> >
> > iD8DBQFLHornQcQOxItLLaMRAi18AJ4gt/AkUbtatL8KHWQw6oNxzNhXnACgjuez
> > U078gMlSa6iyoirefj3B85g=
> > =S3Nc
> > -----END PGP SIGNATURE-----
> >
> >
> >
> ------------------------------------------------------------------------------
> > Return on Information:
> > Google Enterprise Search pays you back
> > Get the facts.
> > http://p.sf.net/sfu/google-dev2dev
> > _______________________________________________
> > Snort-sigs mailing list
> > Snort-sigs at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/snort-sigs
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20091208/9e5c7dac/attachment.html>


More information about the Snort-sigs mailing list