Snort mailing list archives
Re: SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Fri, 20 Jan 2017 17:35:08 +0000
Hello Charlie,

Do you have a pcap of the traffic that produced some of these false positives?

Thanks.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

From: Charlie Dyer <charlierwdyer () gmail com>
Date: Friday, January 20, 2017 at 12:07 PM
To: "snort-sigs () lists sourceforge net" <snort-sigs () lists sourceforge net>
Subject: [Snort-sigs] SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt

Hi list

The number of false positives these two rules produce is huge!

Has anyone else seen the same or amended the rule to be a bit more specific to the exploit, i.e. user agent is Acrobat Reader or something so it's a bit more specific.

Any thoughts gratefully received

Charlie
Current thread:
- SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt Charlie Dyer (Jan 20)
- Re: SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt Nick Randolph (Jan 20)
- Re: SIDs 41338 and 41340 - FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt Al Lewis (allewi) (Jan 20)