-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sourcefire VRT Certified Rules Update
Synopsis:
The Sourcefire VRT is aware of a vulnerability affecting an ActiveX
control used by Symantec Norton AntiVirus products.
In conjunction with this release the Snort Team has released a new
version of Snort (2.6.1.5) that contains additional http_inspect
functionality.
Details:
* A new http_post rule keyword used to search for content in
normalized HTTP posts
* A fix for a potential memory leak when generating HTTP Inspection
events
NOTE: In the default configuration, the http_inspect preprocessor will
generate informational events on normalized HTTP POST data. To disable
these events, refer to the Snort Manual.
Symantec Norton AntiVirus ActiveX Control (CVE-2006-3456):
An ActiveX control used by Symantec Norton AntiVirus products contains
a vulnerability that may allow an attacker to execute code on an
affected host.
Rules to detect attacks targeting this vulnerability are included in
this release and are identified as SIDs 11268 through 11271.
For a complete list of new and modified rules please see:
http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2007-05-14.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGSL6ioFlcG+k7cPwRAlSqAJ4mOV5X7EiUU9+9tFX4irEOgbWO2wCfUHGR
QQ+hKsABPGliK5xXrtnG5wQ=
=z8CE
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
