Signature Update S70 is currently available on CCO. This update contains a signature to detect an exploit released for the recent Microsoft Windows ASN.1 overflows documented in MS04-007. We are continuing to monitor the situation and will release fu...
Rumors have been circulated about a worm/virus named Pink Floyd that reportedly exploits an additional vulnerability related to the Microsoft Advisory MS03-039 concerning the MS RPC service. It is further reported that even patched systems are vulnerab...
The recent IIS 5.0 WebDAV vulnerability can be successfully detected with signature 5322. This signature is disabled by default. We recommend that the signature parameter MinMatchLength be tuned to a value of 50000. This will significantly reduce the...
This is a new custom signature entry for the recent SysV /bin/login Buffer Overflow referenced in CERT Advisory CA-2001-34. This signature is provided as a supplement to S13 signatures 3403 and 3501 to better detect any attacks. It will be incorpora...
That looks like the bug indeed. I don't have any idea if this bug is scheduled to be fixed in 4.x though as no firm commitment on the next 4.x service pack has been made to my knowledge.
There is a known bug in the SERVICE.SMTP engine with the handling of regexes. Unfortunately, I cannot find the specific DDTS Id for the issue. Under 4.x, it is currently not possible to add new signatures to this engine. You will have to use STRING.T...
The service.http engine will not allow you to specify the HTTP method used. The engine does interpret GET, POST and HEAD requests, but the method is not user accessible. The RequestRegex parameter actually starts at the beginning of the URI. To accompl...
Can you be more specific about the attack? Were you able to precisely identify the virus/worm involved? Is the sensor in a position to see the traffic?
The next service pack for 4.1 is still in planning with no firm ETA for delivery. A bug has been filed against this issue, but it is not clear if this issue will be addressed due to the fact a workaround is available. This will not be an issue in 5.0...