This message is to announce the availability of an update for the
Sourcefire community rule set, which can be downloaded free of cost or
registration from http://www.snort.org/pub-bin/downloads.cgi.
New rules in this release are identified as SIDs 100000222-100000225.
These rules detect a format string attack against the TFTP32 server, a
buffer overflow attack against Softphone SIP phones, a buffer overflow
attack against Mozilla based on attachments with overly long filenames,
and access to a vulnerable parameter of ASPSurvey's Login_Validate.asp
page. Additionally, this release fixes a pair of incorrect reference
types, pointed out by Vyacheslav Burdjanadze.
Sourcefire would like to thank rmkml for submitting these rules. As a
reminder, anyone who wishes to submit rules may do so at
http://www.snort.org/reg-bin/rulesubmit.cgi.
A list of new rules and their SIDs follows.
Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.
100000222 || COMMUNITY MISC TFTP32 Get Format string attempt
100000223 || COMMUNITY EXPLOIT SIP UDP Softphone overflow attempt
100000224 || COMMUNITY SMTP Mozilla filename overflow attempt
100000225 || COMMUNITY WEB-MISC ASPSurvey Login_Validate.asp Password
param access
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
