Home page logo
/

snort logo Snort mailing list archives

Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02
From: infosec posts <infosec.posts () gmail com>
Date: Wed, 3 Nov 2010 09:44:50 -0500

My update routine didn't find any changes last night, and I can't find
any of these signatures in the tarballs I'm pulling this morning:

17808 <-> SPECIFIC-THREATS Adobe Flash authplay.dll memory corruption
attempt (specific-threats.rules, High)
17809 <-> WEB-CLIENT quicktime movie file transfer (web-client.rules, Low)
17810 <-> WEB-MISC potential malware - download of server32.exe
(web-misc.rules, Medium)
17811 <-> WEB-MISC potential malware - download of svchost.exe
(web-misc.rules, Medium)
17812 <-> WEB-MISC potential malware - download of iexplore.exe
(web-misc.rules, Medium)
17813 <-> WEB-MISC potential malware - download of iprinp.dll
(web-misc.rules, Medium)
17814 <-> WEB-MISC potential malware - download of winzf32.dll
(web-misc.rules, Medium)


I pulled 2.8.6.0, 2.8.6.1, and 2.8.9.0 a few minutes ago, but I didn't
find the new signatures in any of them.  Now I'm getting 403/Forbidden
on 2.8.6.0 and 2.8.9.0, so I'm going to guess that you've realized you
forgot to actually include the new signatures again, and you're fixing
it now?



On Tue, Nov 2, 2010 at 1:12 PM, Research <research () sourcefire com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of a vulnerability affecting Adobe Flash
Player, Adobe Reader and Acrobat.

Details:
Adobe Security Bulletin APSA10-05:
Adobe Flash Player contains a programming error that may allow a remote
attacker to execute code on an affected system. This issue also affects
Adobe Reader and Acrobat.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 17808.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2010-11-02.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFM0FRyQcQOxItLLaMRAkioAJ9ts16XoItleG/TjNTYEvlKF0Y/xACfRTXn
DB2ZKR9AYbEK0jUYRWfwqbU=
=Nz64
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs


------------------------------------------------------------------------------
Achieve Improved Network Security with IP and DNS Reputation.
Defend against bad network traffic, including botnets, malware, 
phishing sites, and compromised hosts - saving your company time, 
money, and embarrassment.   Learn More! 
http://p.sf.net/sfu/hpdev2dev-nov
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault