Snort - Network Intrusion Detection & Prevention System

VRT Rules 2014-09-24

This release adds rules in several categories.

The VRT has added multiple rules in the os-other and server-other rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2956

2014-09-24 14:54:18 UTC

Sourcefire VRT Rules Update

Date: 2014-09-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31978 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31977 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31976 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31975 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 3:31984 <-> ENABLED <-> OS-OTHER Cisco IOS mDNS malformed rrlength denial of service attempt (os-other.rules)
 * 3:31983 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
 * 3:31979 <-> ENABLED <-> SERVER-OTHER Cisco IOS MediaNet metadata over RSVP IPFIX setlen=4 denial of service attempt (server-other.rules)
 * 3:31980 <-> ENABLED <-> SERVER-OTHER Cisco IOS RSVP Path message with no session attribute denial of service attempt (server-other.rules)
 * 3:31982 <-> ENABLED <-> SERVER-OTHER Cisco IOS mdns memory leak (server-other.rules)
 * 3:31981 <-> ENABLED <-> SERVER-OTHER Cisco RSVP Protocol invalid Set ID DoS attempt (server-other.rules)

Modified Rules:

2962

2014-09-24 14:54:18 UTC

Sourcefire VRT Rules Update

Date: 2014-09-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31978 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31977 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31976 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31975 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 3:31983 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
 * 3:31982 <-> ENABLED <-> SERVER-OTHER Cisco IOS mdns memory leak (server-other.rules)
 * 3:31984 <-> ENABLED <-> OS-OTHER Cisco IOS mDNS malformed rrlength denial of service attempt (os-other.rules)
 * 3:31979 <-> ENABLED <-> SERVER-OTHER Cisco IOS MediaNet metadata over RSVP IPFIX setlen=4 denial of service attempt (server-other.rules)
 * 3:31980 <-> ENABLED <-> SERVER-OTHER Cisco IOS RSVP Path message with no session attribute denial of service attempt (server-other.rules)
 * 3:31981 <-> ENABLED <-> SERVER-OTHER Cisco RSVP Protocol invalid Set ID DoS attempt (server-other.rules)

Modified Rules:

2961

2014-09-24 14:54:18 UTC

Sourcefire VRT Rules Update

Date: 2014-09-24

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2961.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31976 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31977 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31975 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 1:31978 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
 * 3:31982 <-> ENABLED <-> SERVER-OTHER Cisco IOS mdns memory leak (server-other.rules)
 * 3:31979 <-> ENABLED <-> SERVER-OTHER Cisco IOS MediaNet metadata over RSVP IPFIX setlen=4 denial of service attempt (server-other.rules)
 * 3:31980 <-> ENABLED <-> SERVER-OTHER Cisco IOS RSVP Path message with no session attribute denial of service attempt (server-other.rules)
 * 3:31984 <-> ENABLED <-> OS-OTHER Cisco IOS mDNS malformed rrlength denial of service attempt (os-other.rules)
 * 3:31983 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
 * 3:31981 <-> ENABLED <-> SERVER-OTHER Cisco RSVP Protocol invalid Set ID DoS attempt (server-other.rules)