[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2011-03-24
research at ...435...
Thu Mar 24 15:10:33 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Sourcefire VRT Certified Snort Rules Update
The Sourcefire VRT is aware of a problem concerning digital
certificates issued by Comodo. Additionally, this release adds and
modifies rules in several categories.
Comodo Digital Certificate Authority Fraud:
The Sourcefire VRT is aware of the existance of nine fraudulent digital
certificates issued by Comodo. Using these certificates, an attacker
may be able to spoof content, perform various phishing attacks or
perform man-in-the-middle attacks on sites and users relying on these
certificates for identification purposes.
Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 18565 through 18573.
Additionally, the Sourcefire VRT has added and modified multiple rules
in the ftp, imap, specific-threats, spyware-put, web-activex and
web-client rule sets to provide coverage for emerging threats from
For a complete list of new and modified rules please see:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Snort-sigs