-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sourcefire VRT Certified Rules Update
Synopsis:
The Sourcefire VRT has learned of a vulnerability in the way that
Microsoft Windows systems process Pragmatic General Multicast (PGM)
traffic.
Details:
Microsoft Security Bulletin MS06-052
When hosts using certain versions of the Microsoft Windows operating
system attempt to process PGM messages using the Microsoft Message
Queuing Service (MSMQ), the system may be exposed to a buffer overflow
condition. If the message contains more options than indicated in the
packet header, a static buffer may be overflowed allowing an attacker
to possibly execute code of their choosing on an affected host.
A shared object rule to detect attacks against this vulnerability is
included in this rule pack and is identified as gid 3 sid 8351.
8351 - BAD-TRAFFIC PGM nak list overflow attempt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFFEDpmMpm0ve0NhMcRAmn2AJ9MOpA6PdoLC9eauTTTEY9OCzbnlgCeM333
TpDHCaBygcANZUevjxoRVgc=
=eqPT
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
