[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2010-09-23
research at ...435...
Thu Sep 23 15:32:58 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Sourcefire VRT Certified Snort Rules Update
The Sourcefire VRT is aware of a vulnerability affecting Microsoft .NET
Microsoft .NET Framework Information Disclosure (CVE-2010-3332):
The Microsoft .NET Framework discloses enough information in error
responses that an attacker is able to decrypt and modify encrypted
data. The attacker is also able to forge cookies and obtain application
files via an Oracle padding attack.
Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 3, SIDs 17428 and 17429.
Additionally, the Sourcefire VRT has added and modified multiple rules
in the chat, dos, exploit, ftp, icmp, imap, mysql, netbios, oracle,
shellcode, specific-threats tftp, web-activex, web-client and web-misc
rule sets to provide coverage for emerging threats from these
For a complete list of new and modified rules please see:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Snort-sigs