Vulnerability Report September 2009
This month's report covers three of the Microsoft Tuesday advisories, a remote code execution vulnerability in SMBv2, a vulnerability in the IIS FTP module, and information on Dojocon.
Rule release for today - September 9, 2009
A quick release for an update to SID 15930 to address the possibility of remote code execution for the Microsoft Windows SMBv2 processing vulnerability. Information is available on snort.org here
Microsoft Tuesday Coverage for September 2009
Microsoft Security Advisory (MS09-045): The Microsoft JScript scripting engine contains a programming error that may allow a remote attacker to execute code on an affected host. Microsoft Security Advisory (MS09-046): The Microsoft DHTML Editing Component ActiveX control contain
Microsoft IIS FTP Vulnerability - bad detection
Yesterday, we wrote about the Microsoft IIS FTP stack overflow (here). Since then, we've seen some folks try to come up with detection for attacks targeting this vulnerability. Here are some things to think about when detecting this attack: 1. We saw some rules that d
Rule release for today - September 1, 2009
Microsoft IIS FTP Buffer Overflow: The Microsoft FTP module for Internet Information Services (IIS) contains a programming error that may allow a remote attacker to execute code on an affected system. The problem occurs in the processing of specially crafted directory names which
Microsoft IIS FTP Vulnerability
We saw some exploit code posted to milw0rm yesterday that relates to a vulnerability in the Microsoft IIS FTP module. Basically, it exploits a vulnerability where the server doesn't correctly parse directory names. The attack makes use of the FTP NLST command which will caus
Rule release for today - August 25, 2009
A maintenance release this one, a few new rules and some performance enhancements. Also, make sure you are using the dcerpc2 preprocessor now since these rule releases no longer include any of the flowbit rules that used to be needed for some DCERPC related vulnerabilities. As a
Rule release for today - August 18, 2009
As a result of ongoing research, the Sourcefire VRT has added multiple rules to the web-client, web-misc and sql rule sets to provide coverage for emerging threats from these technologies. Snort link here: http://www.snort.org/vrt/advisories/2009/08/18/vrt-rules-2009-08-18.html
Vulnerability Report August 2009
This month's report covers three of the Microsoft Tuesday advisories, Snort 2.8.5 RC, Byakugan, DHCLIENT and BIND 9.