Re: Sourcefire VRT Certified Snort Rules Update 2010-04-13

[Nigel Houghton <nhoughton () sourcefire com>]

On Wed, Apr 14, 2010 at 2:29 PM, infosec posts <infosec.posts () gmail com> wrote:
> It's great that VRT can be so timely with IDS signatures for patch
> Tuesday.  Unfortunately, it doesn't appear that the SO rules they
> wrote this time actually made it into the ruleset they released
> yesterday.  Did anyone else actually get these rules?  I certainly
> can't find them in my download.  I did get the updated non-SO rules.
>
>
> From: Research <research () sourcefire com>
> Date: Tue, 13 Apr 2010 14:17:37 -0400 (EDT)
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Sourcefire VRT Certified Snort Rules Update
>
> Synopsis:
> The Sourcefire VRT is aware of vulnerabilities affecting products from
> Microsoft Corporation.
>
> Details:
> Microsoft Security Advisory (MS10-019):
> The Microsoft CAB Subject Interface Package (SIP) implementation
> contains a programming error that may allow a remote attacker to bypass
> the authentication mechanism.
>
> A rule to detect attacks targeting this vulnerability is included in
> this release and is identified with GID 3, SID 16530.
>
> Microsoft Security Advisory (MS10-020):
> The Microsoft implementation of the SMB protocol contains programming
> errors that may allow a remote attacker to execute code on an affected
> system.
>
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 3, SIDs 16531, 16532, 16539
> and 16540.
>
> Microsoft Security Advisory (MS10-023):
> Microsoft Publisher contains a programming error that may allow a
> remote attacker to execute code on an affected system.
>
> A rule to detect attacks targeting this vulnerability is included in
> this release and is identified with GID 3, SID 16542.
>
> Microsoft Security Advisory (MS10-024):
> The Microsoft SMTP service is prone to a Denial of Service condition
> that may be triggered by a remote attacker.
>
> A rule to detect attacks targeting this vulnerability is included in
> this release and is identified with GID 3, SID 16534.
>
> Microsoft Security Advisory (MS10-025):
> The Microsoft Windows Media Service suffers from a programming error
> that may allow a remote attacker to execute code on an affected system.
>
> A rule to detect attacks targeting this vulnerability is included in
> this release and is identified with GID 3, SID 16541.
>
> Microsoft Security Advisory (MS10-026):
> Microsoft Windows Media Player contains a programming error that may
> allow a remote attacker to execute code on an affected system.
>
> A rule to detect attacks targeting this vulnerability is included in
> this release and is identified with GID 3, SID 16543.
>
> Microsoft Security Advisory (MS10-027):
> Microsoft Windows Media Player contains a programming error that may
> allow a remote attacker to execute code on an affected system via an
> ActiveX control.
>
> A rule to detect attacks targeting this vulnerability is included in
> this release and is identified with GID 3, SID 16537.
>
> Microsoft Security Advisory (MS10-028):
> Microsoft Visio suffers from programming errors that may allow a remote
> attacker to execute code on an affected system.
>
> Rules to detect attacks targeting these vulnerabilities are included in
> this release and are identified with GID 3, SIDs 16535 and 16536.
>
> Microsoft Security Advisory (MS10-029):
> The Microsoft implementation of IPv6 contains a programming error that
> may allow a remote attacker to spoof connections to an affected host.
>
> A rule to detect attacks targeting this vulnerability is included in
> this release and is identified with GID 3, SID 16533.
>
> For a complete list of new and modified rules please see:
>
> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2010-04-13.html
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)
>
> iD8DBQFLxLVBQcQOxItLLaMRAtYsAJ9Uf1k22CyZtytMSKcR3dDo6GaT7QCeK1Gj
> +jAO1JxvJ4Ner69HCVjtKPs=
> =yRyG
> -----END PGP SIGNATURE-----
>
> ------------------------------------------------------------------------------
> Download Intel&#174; Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs


I just downloaded the Snort rules from snort.org and all of the SO
rules from yesterday are in that package.

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs