Re: Skype Mac exploit sigs?

[Joel Esler <jesler () sourcefire com>]

On May 12, 2011, at 7:16 AM, Kungu Panda wrote:

> Anyone aware of any signatures detecting the recent Skype
> vulnerability/exploit CVE-2011-2074 ?
>
>   http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2074
>    http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html

The vulnerability is in how Skype parses a specifically crafted message from an already present contact.

So, 
A) You'd have to be on a person's contact list already to send the message
and
B) You can't send messages to people to whom you are not on their contact list by default in Skype.

That being said...

The traffic would take place inside of Skype's encrypted P2P transmission protocol that only they have the key for, so..

No.  There's not an obvious way to write a rule for it.  We'll keep an eye on it though.

--
Joel Esler
Lead Annoyance Specialist, Vulnerability Research Team, Sourcefire
OpenSource Community Manager
------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - inlcuding clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users