VRT Advisories


VRT Rules 2005-03-09

Sourcefire VRT Certified Rule Update

Date: 2005-03-09

Synopsis:

The Sourcefire Vulnerability Research Team (VRT) has learned of serious vulnerabilities affecting Computer Associates BrightStor ARCserver.

The VRT has also added rules and improved the detection capabilities of existing rules as a result of ongoing research into vulnerabilities in Microsoft applications using SSL.

Details

A vulnerability exists in the way that the BrightStor ARCserver discovery service processes client messages. Client product information messages and client slot information messages that contain an overly long client name or client domain value can cause a buffer overflow.

Rules to detect attacks against this vulnerability are included in this rule pack and are identified as sids 3474 through 3485.

Poor error-handling routines in the Microsoft Secure Sockets Layer (SSL) library, specifically in the handling of SSL Version 2 requests, present opportunities to cause a denial-of-service (DoS) condition in various software implementations used on Microsoft operating systems.

Rules to detect attacks against this vulnerability are included in this rule pack and are identified as sids 3486 through 3511.

Rule Pack Summary

For a complete list of new and modified rules, click here.

Rules:

VRT Certified Rule Updates are available to users in the following ways:

  1. Subscribers will receive rulesets in real time as they are released to Sourcefire customers, 5 days ahead of Registered users.
  2. Registered users will receive rulesets when they are published.
  3. Unregistered users will receive access to a static ruleset containing only the latest rules at the time of each Snort point release.

About the Sourcefire Vulnerability Research Team

The Sourcefire Vulnerability Research Team (VRT) is a group of leading-edge intrusion detection and prevention experts working to discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.