Snort mailing list archives
Sourcefire VRT Certified Snort Rules Update
From: Sourcefire VRT <research () sourcefire com>
Date: Tue, 13 Oct 2009 18:26:54 -0400
Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of multiple vulnerabilities affecting products from Microsoft and Adobe.

Details:

Microsoft Security Advisory (MS09-050):
A vulnerability in the way that Microsoft Windows systems process SMBv2.0 transactions may allow a remote attacker to execute code on a vulnerable system. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 16168. Additionally, a previously released rule to detect attacks targeting this issue has been updated with the appropriate reference information and is included in this release as GID 1, SID 15930.

Microsoft Security Advisory (MS09-051):
A vulnerability in Windows Media Runtime may allow a remote attacker to execute code on a vulnerable system. Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 3, SIDs 16157 and 16158.

Microsoft Security Advisory (MS09-052):
A vulnerability in the Windows Media Player may allow a remote attacker to execute code on an affected system. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 16156.

Microsoft Security Advisory (MS09-053):
A vulnerability in the FTP service for Microsoft Internet Information Services may allow a remote attacker to execute code on an affected system. Previously released rules to detect attacks targeting this issue have been updated with the appropriate reference information and are included in this release. They are identified with GID 1, SIDs 1973, 2374 and 15932.

Microsoft Security Advisory (MS09-054):
Microsoft Internet Explorer contains programming errors that may allow a remote attacker to execute code on an affected system. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 3, SIDs 16149 through 16152.

Microsoft Security Advisory (MS09-055):
A vulnerability in the way that ActiveX controls are handled may allow a remote attacker to execute code on a vulnerable system. Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 16159 through 16166.

Microsoft Security Advisory (MS09-056):
A vulnerability in the way that SSL certificates are handled by the Microsoft CryptAPI may allow a remote attacker to spoof a genuine certificate. Rules to detect attacks targeting this issue are included in this release and are identified with GID 3, SIDs 16180 and 16181.

Microsoft Security Advisory (MS09-057):
A vulnerability in the Internet Explorer indexing service may allow a remote attacker to execute code on an affected system. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 16155.

Microsoft Security Advisory (MS09-059):
A vulnerability in the Microsoft Local Security Authority Subsystem Service (LSASS) may allow a remote attacker to cause a Denial of Service (DoS) against an affected system. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 16167.

Microsoft Security Advisory (MS09-060):
Multiple vulnerabilities in the Microsoft Active Template Library (ATL) ActiveX controls for Microsoft Office may allow a remote attacker to execute code on an affected system. Previously released rules to detect attacks targeting this issue have been updated with the appropriate reference information and are included in this release as GID 1, SIDs 15638, 15639, 15670, 15671, 15904 and 15905.

Microsoft Security Advisory (MS09-061):
Multiple vulnerabilities in the Microsoft .NET Common Language Runtime may allow a remote attacker to execute code on an affected system. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 3, SIDs 16179, 16182 and 16183.

Microsoft Security Advisory (MS09-062):
Multiple vulnerabilities in Microsoft GDI+ may allow a remote attacker to execute code on an affected system. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 3, SIDs 16153, 16154, 16177, 16178 and 16184 through 16186. Additionally, previously released rules that also detect attacks targeting these vulnerabilities have been updated with the appropriate reference information and are included in this release, identified with GID 3, SID 13878 and GID 1, SID 6700.

Adobe Vulnerabilities:
Multiple products from Adobe corporation contain vulnerabilities that may allow a remote attacker to execute code on an affected system. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 3, SIDs 16172 through 16176.

For a complete list of new and modified rules please see:
http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-10-13.html