VRT Rules 2005-09-19
Sourcefire VRT Certified Rules Update
The Sourcefire Vulnerability Research Team (VRT) has learned of serious vulnerabilities affecting Sun Microsystems Solaris operating system. The VRT has also done extensive work to update detection for exploit attempts against various vulnerabilities affecting Microsoft Internet Explorer.
A vulnerability exists in the Solaris operating system that may allow an unprivileged users to remove any file on a system using the line printer daemon. This can be done via the Unlink command which can be used to unlink any file on a local or remote sytem accepting connections to lpd.
Rules to detect attacks against this vulnerability are included in this rule pack and are identified as sids 4143 and 4144.
Multiple vulnerabilities exist in Microsoft Internet Explorer that may allow an attacker to execute code of their choosing on a vulnerable system. This can be achieved by manipulating the trust between Internet Explorer and ActiveX objects.
Rules to detect attacks against these vulnerabilities are included in this rule pack and are identified as sids 4145 through 4193.
Rule Pack Summary:
For a complete list of new and modified rules, click here.
Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.
About the VRT:
The Sourcefire VRT is a group of leading edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in network security industry.