[Snort-sigs] CVE-2012-5076 and CVE-2012-1723 Rules

Will Metcalf william.metcalf at ...2420...
Mon Nov 26 12:19:17 EST 2012

Just to make something clear this is not BHEK. This is what Chirs
Wakelin labeled Pamdql what we later found out was Sweet Orange EK.
Not that anybody probably cares all that much :)...



On Mon, Nov 26, 2012 at 9:28 AM, Joel Esler <jesler at ...435...> wrote:
> On Nov 26, 2012, at 10:21 AM, "lists at ...3397..." <lists at ...3397...>
> wrote:
> On 11/26/2012 09:14 AM, Joel Esler wrote:
> As far as the community ruleset, the tl;dr is yes.
> Excellent, thanks Joel, and thanks too for taking my E-Mail in the context
> it
> was intended -- Friendly open discussion around differences in both rule
> sets.
> I am very much looking forward to this getting completed and working with
> you
> again.  Cooperation in the info sec community ensures the greater good will
> benefit.  Having a well structured and working feedback loop from community
> input (rules, URL structures, PCAPs, etc) will certainly strengthen the
> ruleset
> in the same way it has on the ET side.
> So what we've been doing in the meantime is accepting any submissions that
> come in (some attributed via the blog, some don't want to be attributed
> which is fine) and putting them in after testing via our normal methods.
> When the community ruleset is rolled out, a metadata tag will be added to
> those rules that have been submitted by the community, and all those will be
> placed into their own ruleset for free-to-everyone download.  Subscribers
> will not have to do anything.
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
> ------------------------------------------------------------------------------
> Monitor your physical, virtual and cloud infrastructure from a single
> web console. Get in-depth insight into apps, servers, databases, vmware,
> SAP, cloud infrastructure, etc. Download 30-day Free Trial.
> Pricing starts from $795 for 25 servers or applications!
> http://p.sf.net/sfu/zoho_dev2dev_nov
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
> Please visit http://blog.snort.org for the latest news about Snort!

More information about the Snort-sigs mailing list