Palmer, Paul (ISSAtlanta) wrote:
Of course Andrew's point was that this is the norm, not the exception. If snort has ever detected a vulnerability before ISS, then his point is rather moot, wouldn't you say?

Paul Schmehl wrote:
Interesting. Please provide an example of where ISS was detecting a vulnerability before snort was.

I can give you several off the top of my head:

MS05-039/CVE-2005-1983 (Stack overflow in UPNP BO)
MS05-021/CVE-2005-0560 (Heap overflow in the Microsoft Exchange X-LINK2STATE verb)
CVE-2006-0058 (the recent race condition in the Sendmail signal handler)

Granted, ISS discovered all three of these and that is why it had protection in its products before SNORT (in some cases a long time before SNORT or any other vendor). But, then I believe this is the point that Andrew was trying to make.

--
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
