Snort mailing list archives
Re: Sourcefire VRT Certified Snort Rules Update 2009-12-08
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Tue, 8 Dec 2009 16:30:59 -0500
On Tue, Dec 8, 2009 at 3:28 PM, evilghost () packetmail net <evilghost () packetmail net> wrote:
Thanks Matt. It appears to be working now (I'd like to think it was due to my email). We also noted corrupt subscriber tar-gzip rule releases coming down for the 2.8 branch, which were also corrected around the time the change log was made available. The 404 was tested across two different circuits/systems as to verify the problem was not on our end. The corrupted archive was only tested on one system. Perhaps we were pulling down the archive as it was being copied. -evilghost Matt Olney wrote:We're working with IT on this...I'll throw a personal beat down over the wall and see if I can get this addressed. I know you guys have scripted a ton of automation out there, and the website impacts that when it changes or fails. Off to see what can be done, Matt On Tue, Dec 8, 2009 at 3:15 PM, evilghost () packetmail net < evilghost () packetmail net> wrote:Hello. The change log is 404, again. I depend on the Change Log. I cried, but just once this time since http://www.snort.org/vrt/docs/ruleset_changelogs/CURRENT/changes-2009-12-08.html seems to work. http://www.snort.org/vrt/docs/ruleset_changelogs/2_8/changes-2009-12-08.html is 404. Cheers, evilghost Research wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 From: VRT Advisory Builder <vrtbuild () sourcefire com> To: Matt Watchinski <mwatchinski () sourcefire com>, Lurene Grenier <lgrenier () sourcefire com>, Marketing <steve.kane () sourcefire com>, Clint Brown <cbrown () sourcefire com>Cc: Nigel Houghton <nigel () sourcefire com>, Dave Parrish <dparrish () sourcefire com>, John Leone <jleone () sourcefire com>Reply-To: Nigel Houghton <nigel () sourcefire com> X-Mailer: VRT Rule Pack Auto Mailer 2.0 Subject: Sourcefire VRT Certified Snort Rules Update 2009-12-08 FINAL Sourcefire VRT Certified Snort Rules Update Synopsis: The Sourcefire VRT is aware of multiple vulnerabilities affecting Microsoft products. Details: Microsoft Security Advisory MS09-070: A vulnerability in Microsoft Active Directory may allow a remote attacker to execute code on an affected system. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 16312. Microsoft Security Advisory MS09-071: A vulnerability in the Microsoft Challenge Handshake Authentication Protocol (MS-CHAPv2) may allow a remote attacker to escalate privileges on an affected system. This does not require authentication to exploit. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 16329. Microsoft Security Advisory MS09-072: Microsoft Internet Explorer contains several vulnerabilities that may allow a remote attacker to execute code on a vulnerable system. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 3, SIDs 16317, 16326 and 16330. Additionally, previously released rules that will also detect attacks targeting these vulnerabilities are identified with GID 1, SIDs 15638, 15639, 16159 through 16166, 16310 and 16311. Microsoft Security Advisory MS09-073: The Microsoft Word converter fails to correctly validate user-supplied input. As a result, an attacker may leverage this error to execute code on an affected system. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 16314. Microsoft Security Advisory MS09-074: Microsoft Project contains a programming error that may allow a remote attacker to execute code on an affected system via the use of a specially crafted file. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 16328. For a complete list of new and modified rules please see: http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-12-08.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFLHornQcQOxItLLaMRAi18AJ4gt/AkUbtatL8KHWQw6oNxzNhXnACgjuez U078gMlSa6iyoirefj3B85g= =S3Nc -----END PGP SIGNATURE-----------------------------------------------------------------------------------Return on Information: Google Enterprise Search pays you back Get the facts. http://p.sf.net/sfu/google-dev2dev _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
The email was a little premature and went out before we verified that everything was in place and functioning correctly. You are most likely correct in assuming that you copied the tarball before it was done being written to the web server file system. -- Nigel Houghton Head Mentalist SF VRT http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/ ------------------------------------------------------------------------------ Return on Information: Google Enterprise Search pays you back Get the facts. http://p.sf.net/sfu/google-dev2dev _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- Sourcefire VRT Certified Snort Rules Update 2009-12-08 Research (Dec 08)
- Re: Sourcefire VRT Certified Snort Rules Update 2009-12-08 evilghost () packetmail net (Dec 08)
- Re: Sourcefire VRT Certified Snort Rules Update 2009-12-08 Matt Olney (Dec 08)
- Re: Sourcefire VRT Certified Snort Rules Update 2009-12-08 Matt Olney (Dec 08)
- Re: Sourcefire VRT Certified Snort Rules Update 2009-12-08 evilghost () packetmail net (Dec 08)
- Re: Sourcefire VRT Certified Snort Rules Update 2009-12-08 Nigel Houghton (Dec 08)
- Re: Sourcefire VRT Certified Snort Rules Update 2009-12-08 Jason Brvenik (Dec 08)
- Re: Sourcefire VRT Certified Snort Rules Update 2009-12-08 Matt Olney (Dec 08)
- Re: Sourcefire VRT Certified Snort Rules Update 2009-12-08 evilghost () packetmail net (Dec 08)