[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2009-12-08

Matt Olney molney at ...435...
Tue Dec 8 15:26:48 EST 2009


Nigel said they were already on it, and he was right:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-12-08.html
and
http://www.snort.org/vrt/docs/ruleset_changelogs/2_8/changes-2009-12-08.html


<http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-12-08.html>Both
work, just fixed in the last few minutes.

Thanks web-guys!

Matt

On Tue, Dec 8, 2009 at 3:22 PM, Matt Olney <molney at ...435...> wrote:

> We're working with IT on this...I'll throw a personal beat down over the
> wall and see if I can get this addressed.  I know you guys have scripted a
> ton of automation out there, and the website impacts that when it changes or
> fails.
>
> Off to see what can be done,
>
> Matt
>
>
> On Tue, Dec 8, 2009 at 3:15 PM, evilghost at ...3397... <
> evilghost at ...3397...> wrote:
>
>> Hello.  The change log is 404, again.  I depend on the Change Log.  I
>> cried, but just once this time since
>>
>> http://www.snort.org/vrt/docs/ruleset_changelogs/CURRENT/changes-2009-12-08.html
>> seems to work.
>>
>>
>> http://www.snort.org/vrt/docs/ruleset_changelogs/2_8/changes-2009-12-08.html
>> is 404.
>>
>> Cheers,
>> evilghost
>>
>> Research wrote:
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA1
>> >
>> > From: VRT Advisory Builder <vrtbuild at ...435...>
>> > To: Matt Watchinski <mwatchinski at ...435...>, Lurene Grenier <
>> lgrenier at ...435...>, Marketing <steve.kane at ...435...>, Clint
>> Brown <cbrown at ...435...>
>> > Cc: Nigel Houghton <nigel at ...435...>, Dave Parrish <
>> dparrish at ...435...>, John Leone <jleone at ...435...>
>> > Reply-To: Nigel Houghton <nigel at ...435...>
>> > X-Mailer: VRT Rule Pack Auto Mailer 2.0
>> > Subject: Sourcefire VRT Certified Snort Rules Update 2009-12-08 FINAL
>> >
>> > Sourcefire VRT Certified Snort Rules Update
>> >
>> > Synopsis:
>> > The Sourcefire VRT is aware of multiple vulnerabilities affecting
>> > Microsoft products.
>> >
>> > Details:
>> > Microsoft Security Advisory MS09-070:
>> > A vulnerability in Microsoft Active Directory may allow a remote
>> > attacker to execute code on an affected system.
>> >
>> > A rule to detect attacks targeting this vulnerability is included in
>> > this release and is identified with GID 3, SID 16312.
>> >
>> > Microsoft Security Advisory MS09-071:
>> > A vulnerability in the Microsoft Challenge Handshake Authentication
>> > Protocol (MS-CHAPv2) may allow a remote attacker to escalate privileges
>> > on an affected system. This does not require authentication to exploit.
>> >
>> > A rule to detect attacks targeting this vulnerability is included in
>> > this release and is identified with GID 3, SID 16329.
>> >
>> > Microsoft Security Advisory MS09-072:
>> > Microsoft Internet Explorer contains several vulnerabilities that may
>> > allow a remote attacker to execute code on a vulnerable system.
>> >
>> > Rules to detect attacks targeting these vulnerabilities are included in
>> > this release and are identified with GID 3, SIDs 16317, 16326 and
>> > 16330.
>> >
>> > Additionally, previously released rules that will also detect attacks
>> > targeting these vulnerabilities are identified with GID 1, SIDs 15638,
>> > 15639, 16159 through 16166, 16310 and 16311.
>> >
>> > Microsoft Security Advisory MS09-073:
>> > The Microsoft Word converter fails to correctly validate user-supplied
>> > input. As a result, an attacker may leverage this error to execute code
>> > on an affected system.
>> >
>> > A rule to detect attacks targeting this vulnerability is included in
>> > this release and is identified with GID 3, SID 16314.
>> >
>> > Microsoft Security Advisory MS09-074:
>> > Microsoft Project contains a programming error that may allow a remote
>> > attacker to execute code on an affected system via the use of a
>> > specially crafted file.
>> >
>> > A rule to detect attacks targeting this vulnerability is included in
>> > this release and is identified with GID 1, SID 16328.
>> >
>> > For a complete list of new and modified rules please see:
>> >
>> >
>> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-12-08.html
>> > -----BEGIN PGP SIGNATURE-----
>> > Version: GnuPG v1.2.6 (GNU/Linux)
>> >
>> > iD8DBQFLHornQcQOxItLLaMRAi18AJ4gt/AkUbtatL8KHWQw6oNxzNhXnACgjuez
>> > U078gMlSa6iyoirefj3B85g=
>> > =S3Nc
>> > -----END PGP SIGNATURE-----
>> >
>> >
>> >
>> ------------------------------------------------------------------------------
>> > Return on Information:
>> > Google Enterprise Search pays you back
>> > Get the facts.
>> > http://p.sf.net/sfu/google-dev2dev
>> > _______________________________________________
>> > Snort-sigs mailing list
>> > Snort-sigs at lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/snort-sigs
>> >
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20091208/12e13f6d/attachment.html>


More information about the Snort-sigs mailing list