[Snort-sigs] Sourcefire VRT Certified Rule Release Correction Notice

research at ...435... research at ...435...
Thu Mar 13 13:12:48 EDT 2008

Sourcefire VRT Certified Rule Release Correction Notice
Date: 2008-03-13

There are no new or modified rules to accompany this notice. This is not a certified rule release.

Microsoft Security Bulletin (MS08-017):
The advisory notice on 2008-03-11 erroneously stated that SIDs 13574 through 13581 were released to provide detection coverage for this vulnerability. Prior to release, however, the Sourcefire VRT determined that previously released rules would provide the same coverage. In order to avoid duplication of detection, leading to multiple events for the same attack data, the new rules were removed.

The advisory notice has been changed as follows:

 Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 3, SIDs 13580 and 13581.
 Additionally, previously released rules will also detect attempts to attack these vulnerabilities and are identified with GID 1 and SIDs 4170, 4177, 7870, 7871 and 13468.

As always, a complete list of new and modified rules was provided in separate changelogs on snort.org. These files were correct and should be used to determine the actual rule-related content of the 2008-03-11 release.

About the VRT:
The Sourcefire VRT is a group of leading edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.
