Snort mailing list archives
Re: Skype Mac exploit sigs?
From: Joel Esler <jesler () sourcefire com>
Date: Thu, 12 May 2011 07:45:02 -0400
On May 12, 2011, at 7:16 AM, Kungu Panda wrote:
Anyone aware of any signatures detecting the recent Skype vulnerability/exploit CVE-2011-2074 ? http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2074 http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html
The vulnerability is in how Skype parses a specifically crafted message from an already present contact. So, A) You'd have to be on a person's contact list already to send the message and B) You can't send messages to people to whom you are not on their contact list by default in Skype. That being said... The traffic would take place inside of Skype's encrypted P2P transmission protocol that only they have the key for, so.. No. There's not an obvious way to write a rule for it. We'll keep an eye on it though. -- Joel Esler Lead Annoyance Specialist, Vulnerability Research Team, Sourcefire OpenSource Community Manager ------------------------------------------------------------------------------ Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters. http://p.sf.net/sfu/intel-dev2devmay _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Skype Mac exploit sigs? Kungu Panda (May 12)
- Re: Skype Mac exploit sigs? Joel Esler (May 12)