Snort mailing list archives
Re: apparent discrepancies at http://www.snort.org/vrt/
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Thu, 12 Feb 2009 14:22:08 -0500
On Thu, Feb 12, 2009 at 2:09 PM, Tim Maletic <tmaletic () gmail com> wrote:
> At http://www.snort.org/vrt/advisories/vrt-rules-2009-02-10.html, we see the following GID|SIDs listed:
>
> GID 3, SIDs 15304 and 15305.
> GID 3, SIDs 15301 and 15302.
> GID 1, SIDs 15127 through 15144.
> GID 3, SIDs 15298, 15299 and 15303.
>
> But at http://www.snort.org/vrt/docs/ruleset_changelogs/2_8/changes-2009-02-10.html, we see this list:
>
> New rules:
> 15307 <-> WEB-ACTIVEX Microsoft Animation Control ActiveX clsid access (web-activex.rules, High)
> 15308 <-> WEB-ACTIVEX Microsoft Animation Control ActiveX clsid unicode access (web-activex.rules, High)
> 15309 <-> WEB-ACTIVEX Microsoft Animation Control ActiveX function call access (web-activex.rules, High)
> 15310 <-> WEB-ACTIVEX Microsoft Animation Control ActiveX function call unicode access (web-activex.rules, High)
> 15311 <-> WEB-ACTIVEX Research In Motion AxLoader ActiveX clsid access (web-activex.rules, High)
> 15312 <-> WEB-ACTIVEX Research In Motion AxLoader ActiveX clsid unicode access (web-activex.rules, High)
> 15313 <-> WEB-ACTIVEX Research In Motion AxLoader ActiveX function call access (web-activex.rules, High)
> 15314 <-> WEB-ACTIVEX Research In Motion AxLoader ActiveX function call unicode access (web-activex.rules, High)
> 15315 <-> WEB-ACTIVEX Akamai DownloadManager ActiveX clsid access (web-activex.rules, High)
> 15316 <-> WEB-ACTIVEX Akamai DownloadManager ActiveX clsid unicode access (web-activex.rules, High)
> 15317 <-> WEB-ACTIVEX Akamai DownloadManager ActiveX function call access (web-activex.rules, High)
> 15318 <-> WEB-ACTIVEX Akamai DownloadManager ActiveX function call unicode access (web-activex.rules, High)
>
> Can someone explain the discrepancy? Why do the SIDs in the advisory not appear in the changelog?

Yes, we are aware of this issue. The shared object rules are not reflected in the changelog. All shared object rules are listed in the advisory for the rule release though as you found out.

--
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/