VRT Advisories


Community 2006-09-05

Sourcefire Community Rule Update 2006-09-05

Sourcefire Community Rule Update

Date: 2006-09-05

This message is to announce the availability of an update for the Sourcefire community rule set, which can be downloaded free of cost or registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000874-100000891. These rules cover detection of TOR and Google Talk traffic, which may be policy violations in some environments cross-site scripting attempts against the Roller Weblog system a buffer overflow attempt against ImageMagick remote file inclusion attacks against PHP Live Helper and Inlink SQL injection against SimpleBlog and other attacks against the pHNews, Proxima, pmwiki, tikiwiki, yappa-ng, and Webmin/Usermin systems.

Sourcefire would like to thank the following submitters for their contributions:

* Dan Ramaswami for SIDs 100000874-100000875 * Will Young for 100000876-100000877 * p3rlhax@gmail.com for SIDs 100000878-100000880

Community Rule Pack Update Summary:

For a complete list of new and modified rules use this link.

To submit rules to the Community rule set use this link.

About the VRT:

The Sourcefire VRT is a group of leading edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities.

About Sourcefire

Sourcefire, Inc., the world leader in intrusion prevention, is transforming the way organizations manage and minimize network security risks with its 3D Approach - Discover, Determine, Defend - to securing real networks in real-time. For more information about Sourcefire, please visit www.sourcefire.com.