Snort mailing list archives
Re: Sourcefire VRT Certified Snort Rules Update 2010-02-26
From: Guise McAllaster <guise.mcallaster () gmail com>
Date: Fri, 26 Feb 2010 22:23:27 +0000
Yes, I am getting the error, "You’ve reached this page because you’ve clicked on a link that does not exist. This is probably our fault… but instead of showing you the basic ‘404 Error’ page that is confusing and doesn’t really explain anything, we’ve created this page to explain what went wrong" when trying to access the supplied link in the email. This has happened multiple times in the past and I've grown to expect it and I've gotten used to it.

Add the fact that the Feb 23 rule, "WEB-CLIENT Windows Media Player directory traversal via Content-Disposition attempt" (to be complete, this was updated Feb 25 to fix the problem but now it is very exploit-specific so good luck with its usefulness) alerted like a schizophrenic taking a polygraph (*SourceFire trifecta is in play*). In the two days before it was fixed, it managed to alert me on almost all web downloads and severely throw off my statistics that I submit to the management.

Proventia is now being seriously considered as a replacement. I guess an "open source" [*sic*] product that has no formal technical support and a history of false positives is not really a viable solution for a world-class enterprise.

No hard feelings for snort ... I like it and use it as a hobbyist and think it does a lot of things well. :) Please keep up the good work but maybe the release note link can be more accurate in the future? One can only hope.

Guise

On Fri, Feb 26, 2010 at 9:52 PM, Nigel Houghton <nhoughton () sourcefire com> wrote:
> On Fri, Feb 26, 2010 at 4:23 PM, evilghost () packetmail net <evilghost () packetmail net> wrote:
>> Changelog is 404.
>>
>> -evilghost
>>
>> Research wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Sourcefire VRT Certified Snort Rules Update
>>>
>>> Synopsis:
>>> The Sourcefire VRT is aware of a vulnerability affecting Microsoft Internet Explorer.
>>>
>>> Details:
>>> Microsoft Internet Explorer Command Execution:
>>> Microsoft Internet Explorer contains a programming error that may allow a remote attacker to execute commands on a vulnerable system. The attacker needs to supply VBScript to invoke winhlp32.exe, which can then be used to execute commands via a specially crafted .HLP file.
>>>
>>> A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 16452.
>>>
>>> For a complete list of new and modified rules please see:
>>> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2010-02-26.html
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.2.6 (GNU/Linux)
>>>
>>> iD8DBQFLiDgnQcQOxItLLaMRAvEaAJ9rpY1fUgU+FqlTRm66BLe1CBJGXACfW11A
>>> QGugTZe+7KTde2i/54mF+L0=
>>> =DBm/
>>> -----END PGP SIGNATURE-----
>>>
>>> _______________________________________________
>>> Snort-sigs mailing list
>>> Snort-sigs () lists sourceforge net
>>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
> Not for me.
>
> --
> Nigel Houghton
> Head Mentalist
> SF VRT
> http://vrt-sourcefire.blogspot.com && http://labs.snort.org/
Current thread:
- Sourcefire VRT Certified Snort Rules Update 2010-02-26 Research (Feb 26)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-02-26 evilghost () packetmail net (Feb 26)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-02-26 Nigel Houghton (Feb 26)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-02-26 evilghost () packetmail net (Feb 26)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-02-26 Brad Doctor (Feb 26)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-02-26 chris . kniseley (Feb 26)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-02-26 Nigel Houghton (Feb 26)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-02-26 Guise McAllaster (Feb 26)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-02-26 evilghost () packetmail net (Feb 26)