Snort mailing list archives
Sourcefire VRT Certified Snort Rules for CVE-2013-3906
From: Jeremy Scott <JeremyScott () solutionary com>
Date: Thu, 7 Nov 2013 21:05:26 -0600
What's the possibility of false negatives with the rules package for CVE-2013-3906 (SID 28464-71)? I'm just trying to validate if I'm understanding the rule logic correctly.

The content is matching the STRIPBYTECOUNT TIFF Tag (01 17 00 04 00 00 00 01). By specifying a value of 1 for the number of strips in the file, it seems that it will bypass the rule from being triggered if more than 1 strip is used to trigger the vulnerable condition.

Jeremy Scott
Senior Research Analyst
Security Engineering Research Team (SERT)
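An added example, not part of the original post and not the VRT rule logic (the rule text is not on this page): a coverage check that compares a literal match on the eight bytes quoted above with a parsed read of the TIFF IFD entry. It goes slightly beyond the question by also covering both TIFF byte orders; all function names are illustrative and the sample files are constructed.

```python
import struct

# The eight bytes quoted in the post: tag 0x0117 (StripByteCounts),
# type 4 (LONG), count 1, as laid out in a big-endian ("MM") TIFF.
QUOTED_PATTERN = bytes.fromhex("0117000400000001")
STRIP_BYTE_COUNTS = 0x0117

def parse_ifd_entries(data):
    """Return (tag, type, count, value_or_offset) for each entry of the first IFD."""
    order = {b"II": "<", b"MM": ">"}.get(data[:2])
    if order is None or len(data) < 8:
        raise ValueError("not a TIFF header")
    magic, ifd_off = struct.unpack_from(order + "HI", data, 2)
    if magic != 42 or ifd_off + 2 > len(data):
        raise ValueError("bad TIFF magic or IFD offset")
    (n,) = struct.unpack_from(order + "H", data, ifd_off)
    entries = []
    for i in range(n):
        pos = ifd_off + 2 + 12 * i
        if pos + 12 > len(data):
            break  # truncated IFD: report the entries that are present
        entries.append(struct.unpack_from(order + "HHII", data, pos))
    return entries

def strip_byte_counts(data):
    """Parsed view: the StripByteCounts entry, whatever its count or byte order."""
    for tag, typ, count, value in parse_ifd_entries(data):
        if tag == STRIP_BYTE_COUNTS:
            return {"type": typ, "count": count, "value": value}
    return None

def literal_match(data):
    """Fixed-byte view: does the quoted eight-byte sequence occur anywhere?"""
    return QUOTED_PATTERN in data

def build_sample(order, count):
    """Constructed one-entry TIFF used for the comparison (not a real image)."""
    header = (b"II" if order == "<" else b"MM") + struct.pack(order + "HI", 42, 8)
    entry = struct.pack(order + "HHII", STRIP_BYTE_COUNTS, 4, count, 0x20)
    return header + struct.pack(order + "H", 1) + entry + struct.pack(order + "I", 0)

def coverage():
    """Rows of (byte order, count, literal match hit, parsed entry found)."""
    rows = []
    for order in (">", "<"):
        for count in (1, 2):
            data = build_sample(order, count)
            rows.append((order, count, literal_match(data), strip_byte_counts(data) is not None))
    return rows
```

The rows from `coverage()` show which constructed variants the literal bytes cover and which only the parsed check sees, which is the comparison to make against the full rule text when validating for false negatives.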
Current thread:
- Sourcefire VRT Certified Snort Rules for CVE-2013-3906 Jeremy Scott (Nov 07)
- Re: Sourcefire VRT Certified Snort Rules for CVE-2013-3906 Patrick Mullen (Nov 08)