VRT Rules 2014-09-24
This release adds rules in several categories.

The VRT has added multiple rules in the os-other and server-other rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2014-09-24 14:54:18 UTC

Sourcefire VRT Rules Update

Date: 2014-09-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31978 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31977 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31976 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31975 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 3:31984 <-> ENABLED <-> OS-OTHER Cisco IOS mDNS malformed rrlength denial of service attempt (os-other.rules)
 * 3:31983 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
 * 3:31979 <-> ENABLED <-> SERVER-OTHER Cisco IOS MediaNet metadata over RSVP IPFIX setlen=4 denial of service attempt (server-other.rules)
 * 3:31980 <-> ENABLED <-> SERVER-OTHER Cisco IOS RSVP Path message with no session attribute denial of service attempt (server-other.rules)
 * 3:31982 <-> ENABLED <-> SERVER-OTHER Cisco IOS mdns memory leak (server-other.rules)
 * 3:31981 <-> ENABLED <-> SERVER-OTHER Cisco RSVP Protocol invalid Set ID DoS attempt (server-other.rules)

Modified Rules:



2014-09-24 14:54:18 UTC

Sourcefire VRT Rules Update

Date: 2014-09-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31978 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31977 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31976 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31975 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 3:31983 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
 * 3:31982 <-> ENABLED <-> SERVER-OTHER Cisco IOS mdns memory leak (server-other.rules)
 * 3:31984 <-> ENABLED <-> OS-OTHER Cisco IOS mDNS malformed rrlength denial of service attempt (os-other.rules)
 * 3:31979 <-> ENABLED <-> SERVER-OTHER Cisco IOS MediaNet metadata over RSVP IPFIX setlen=4 denial of service attempt (server-other.rules)
 * 3:31980 <-> ENABLED <-> SERVER-OTHER Cisco IOS RSVP Path message with no session attribute denial of service attempt (server-other.rules)
 * 3:31981 <-> ENABLED <-> SERVER-OTHER Cisco RSVP Protocol invalid Set ID DoS attempt (server-other.rules)

Modified Rules:



2014-09-24 14:54:18 UTC

Sourcefire VRT Rules Update

Date: 2014-09-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2961.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31976 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31977 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31975 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31978 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 3:31982 <-> ENABLED <-> SERVER-OTHER Cisco IOS mdns memory leak (server-other.rules)
 * 3:31979 <-> ENABLED <-> SERVER-OTHER Cisco IOS MediaNet metadata over RSVP IPFIX setlen=4 denial of service attempt (server-other.rules)
 * 3:31980 <-> ENABLED <-> SERVER-OTHER Cisco IOS RSVP Path message with no session attribute denial of service attempt (server-other.rules)
 * 3:31984 <-> ENABLED <-> OS-OTHER Cisco IOS mDNS malformed rrlength denial of service attempt (os-other.rules)
 * 3:31983 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
 * 3:31981 <-> ENABLED <-> SERVER-OTHER Cisco RSVP Protocol invalid Set ID DoS attempt (server-other.rules)

Modified Rules: