Tuesday, September 1, 2009

Rule release for today - September 1, 2009

Microsoft IIS FTP Buffer Overflow: The Microsoft FTP module for Internet Information Services (IIS) contains a programming error that may allow a remote attacker to execute code on an affected system. The problem occurs in the processing of specially crafted directory names which an attacker can leverage to cause a stack-based buffer overflow.

Previously released rules will detect attacks targeting this vulnerability and are identified with GID 1, SIDs 1529, 1973, 2374 and 3441. Additionally, the FTP Telnet preprocessor will detect attacks targeting this vulnerability. These events are identified with GID 125, SIDs 3, 6 and 8.

(see this blog post: http://vrt-sourcefire.blogspot.com/2009/09/microsoft-iis-ftp-vulnerability.html)

Additionally, as a result of ongoing research, the Sourcefire VRT has added multiple rules to the web-activex, web-client, specific-threats, shellcode and bad-traffic rule sets to provide coverage for emerging threats from these technologies.

More info and changelogs here: http://www.snort.org/vrt/advisories/2009/09/01/vrt-rules-2009-09-01.html
Add to Technorati Favorites Digg! This
Post a Comment