Rule release for today - February 3rd 2009
New rules in web-activex, chat and specific threats. Also, modifications to the shared object rules for MS08-067 for a little bit of a performance enhancement. Details are available here: http://www.snort.org/vrt/advisories/vrt-rules-2009-02-03.html
Rule release for today - January 27th 2009
Large batch of Oracle vulnerabilities today. We've had to work through these carefully as details were pretty scant. Here's what we released: Oracle Secure Backup Command Injection (CVE-2008-4006), Oracle BPEL Injection (CVE-2008-4014), Oracle Secure Backup Command Injecti
Rule release for today - January 20th 2009
Lots of rule modifications in this release as well as some fixes and new rules. Security Fix - This module pack resolves a potential recursive evaluation DoS condition in SO rules that utilize the built-in content match API function. Sourcefire recommends installing this release
Microsoft Tuesday Coverage for January MS09-001
Just one Microsoft advisory to start the new year, we worked like crazy spider monkeys to get it covered and we did it. Details are available here: http://www.snort.org/vrt/advisories/vrt-rules-2009-01-13.html
Using Snort Subscriber Rule Set Certified Shared Object Rules
In order to instantiate shared object rules, a rule stub file is required. These stub files are not distributed in the VRT Certified rule packs; however, they can be generated using Snort. Here is an example showing the pertinent configuration options in snort.conf along with the
Rule release for today - December 23 2008
Mostly a maintenance release this one, some new rules in web-activex, web-client, backdoor and specific-threats. Check out the information here: http://www.snort.org/vrt/advisories/vrt-rules-2008-12-23.html
Snort Rule Coverage for MS08-078
A critical vulnerability in Microsoft Internet Explorer, outlined in Microsoft Security Bulletin MS08-078, is covered by a previously released rule. The rule to detect attacks targeting this vulnerability was included in the release on 2008-12-11 and is identified with GID 1, SID
Rule release for today
Today's VRT Certified Rule release has coverage for a vulnerability in Oracle Internet Directory and CUPS. There are also a few new rules added in chat.rules and others. Oracle Internet Directory Denial of Service (CVE-2008-2595): Oracle Internet Directory contains a program
Out of band Microsoft Security Advisory for Internet Explorer CVE-2008-4844 and SQL Server vulnerability CVE-2008-5416
Today, Microsoft released a security advisory for Internet Explorer. Microsoft SQL Server also has a problem with a stored procedure. In response, we released some new rules to detect attacks against these two products. Details on the rules are here: http://www.snort.org/vrt/advis