VRT Advisories


VRT Rules 2007-02-09

Sourcefire VRT Update

Date: 2007-02-09

Synopsis:

The Sourcefire Vulnerability Research Team (VRT) is aware of vulnerabilities affecting the Squid Proxy Server and the Microsoft Windows Operating System.

Details:

Squid Proxy Server CVE-2007-0247:
The Squid Proxy Server is prone to a Denial of Service (DoS) condition when handling malformed directory listing responses from remote FTP servers.

A rule to detect attacks targeting this vulnerability is included in this release and is identified as SID 10135.

Microsoft Security Bulletin MS06-032:
The Microsoft Windows operating system is prone to a Denial of Service (DoS) condition that is caused by the improper handling of TCP/IP packets.

A shared object rule to detect attacks targeting this vulnerability is included in this release and is identified as GID 3 SID 10127.

Multiple rules have been added and modified to provide coverage for other threats.

Rule Pack Summary:

For a complete list of new and modified rules, click here.

Warning:

Sourcefire VRT rule packs often utilize enhancements made to Snort. Operators should upgrade to the latest revision or patch level for Snort to ensure these enhancements are available before using these rules.

About the VRT:

The Sourcefire VRT is a group of leading edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.