Wednesday, August 3, 2011

VRT Rule Update for 08/03/2011

Join us as we welcome the introduction of the newest rule release for today from the VRT. In this release we introduce 9 new rules and make modifications to an additional rule.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT is aware of a programming error in the TimThumb plugin for WordPress that may allow a remote attacker to execute code on an affected system. The vulnerability is present in the timthump.php script which does not correctly process user supplied input, allowing a remote attacker to upload content of their choosing into a directory, which can them be executed by the attacker.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 19653.

Additionally, the Sourcefire VRT has added and modified multiple rules in the backdoor, botnet-cnc and exploit rule sets to provide coverage for emerging threats from these technologies.

In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at Make sure and stay up to date to catch the most emerging threats!