[Snort-users] Adobe Flash outdated

Paul Cable pcable at ...15769...
Wed Aug 22 00:32:23 EDT 2012


No need to apologize. I'm very happy to confirm it isn't something wrong with my configuration.

It would be nice if these snort warnings could be used, but Spiceworks can tell me the same thing, so it isn't a big problem.

Thanks for checking for me,
PC




________________________________________
From: Castle, Shane [scastle at ...14946...]
Sent: Tuesday, August 21, 2012 6:13 PM
To: Paul Cable; snort-users at lists.sourceforge.net
Subject: RE: Adobe Flash outdated

Well, some research shows that you are right, and that I have disabled these rules in my ruleset, because the rules just can't keep up (and for other reasons I won't go into).

Sigh. Sorry about that. If you are certain that your flash is up to date then I suggest you disable the rule too.

--
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH


-----Original Message-----
From: Paul Cable [mailto:pcable at ...15769...]
Sent: Tuesday, August 21, 2012 10:07
To: Castle, Shane; snort-users at lists.sourceforge.net
Subject: RE: Adobe Flash outdated

Here is the payload from a flash advert.

GET /res/2206/40305/39242.swf HTTP/1.1  Accept: */*  Accept-Language: en-US  Referer:
http://usadmm.dotomi.com/dmm/servlet/dmm?pid=5533&dres=iframe&mtg=0&ms=11&btg=1&mp=1&rwidth=300&rheight=250&pp=712&cg=2035&rurl=http%3A//ads
x-flash-version: 11,3,300,271  Accept-Encoding: gzip, deflate  User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64;
Trident/5.0)  Host: usweb.dotomi.com  Connection: Keep-Alive


And according to Adobe's website:
http://www.adobe.com/software/flash/about/
Newest version is 11.3.300.271

I'm getting this message from multiple machines in my office of about 20 clients. Just counting today 15 different systems have spawned this message.




-----Original Message-----
From: Castle, Shane [mailto:scastle at ...14946...]
Sent: Tuesday, August 21, 2012 11:07 AM
To: Paul Cable; snort-users at lists.sourceforge.net
Subject: RE: Adobe Flash outdated

It's probably a TP, and it refers to the installation of Flash that an IE browser is using. Auto-update doesn't always seem to work, and if the Flash installation is old enough, it isn't there.

In fact, I'd go so far as to say that Adobe's auto-update is broken. Try downloading and running Secunia PSI on a couple of those systems and see what it tells you.

--
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH

-----Original Message-----
From: Paul Cable [mailto:pcable at ...15769...]
Sent: Tuesday, August 21, 2012 08:51
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Adobe Flash outdated

I have adobe flash set to auto-update on all of my client machines, but I am still getting massive amounts of:



snort: "ET POLICY Outdated Windows Flash Version IE"



Is this telling me the adobe flash version running on the website they are visiting is out of date or is it a false positive?



Thanks,

PC





More information about the Snort-users mailing list