[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2010-09-23

Research research at ...435...
Thu Sep 23 15:32:58 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of a vulnerability affecting Microsoft .NET
applications.

Details:
Microsoft .NET Framework Information Disclosure (CVE-2010-3332):
The Microsoft .NET Framework discloses enough information in error
responses that an attacker is able to decrypt and modify encrypted
data. The attacker is also able to forge cookies and obtain application
files via an Oracle padding attack.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 3, SIDs 17428 and 17429.

Additionally, the Sourcefire VRT has added and modified multiple rules
in the chat, dos, exploit, ftp, icmp, imap, mysql, netbios, oracle,
shellcode, specific-threats tftp, web-activex, web-client and web-misc
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2010-09-23.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFMm6tqQcQOxItLLaMRArwsAJ4r7mvpjnzoQpsMxSVdhavU+0hAKgCffSQB
+TFpz1QVGkhn3mtDlrM5noE=
=qYRE
-----END PGP SIGNATURE-----





More information about the Snort-sigs mailing list