[Snort-sigs] CVE-2012-5076 and CVE-2012-1723 Rules

Joel Esler jesler at ...435...
Mon Nov 26 12:22:12 EST 2012


Thanks Will.  That's probably why we don't catch it.  :)

I'll look into Sweet Orange.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Nov 26, 2012, at 12:19 PM, Will Metcalf <william.metcalf at ...2420...> wrote:

> Just to make something clear, this is not BHEK. This is what Chris
> Wakelin labeled Pamdql, which we later found out was Sweet Orange EK.
> Not that anybody probably cares all that much :)...
> 
> Regards,
> 
> Will
> 
> On Mon, Nov 26, 2012 at 9:28 AM, Joel Esler <jesler at ...435...> wrote:
>> On Nov 26, 2012, at 10:21 AM, "lists at ...3397..." <lists at ...3397...> wrote:
>> 
>> On 11/26/2012 09:14 AM, Joel Esler wrote:
>> 
>> As far as the community ruleset, the tl;dr is yes.
>> 
>> 
>> Excellent, thanks Joel, and thanks too for taking my E-Mail in the context it
>> was intended -- Friendly open discussion around differences in both rule sets.
>> 
>> I am very much looking forward to this getting completed and working with you
>> again.  Cooperation in the info sec community ensures the greater good will
>> benefit.  Having a well structured and working feedback loop from community
>> input (rules, URL structures, PCAPs, etc) will certainly strengthen the ruleset
>> in the same way it has on the ET side.
>> 
>> 
>> So what we've been doing in the meantime is accepting any submissions that
>> come in (some attributed via the blog, some don't want to be attributed
>> which is fine) and putting them in after testing via our normal methods.
>> 
>> When the community ruleset is rolled out, a metadata tag will be added to
>> those rules that have been submitted by the community, and all those will be
>> placed into their own ruleset for free-to-everyone download.  Subscribers
>> will not have to do anything.
>> 
>> --
>> Joel Esler
>> Senior Research Engineer, VRT
>> OpenSource Community Manager
>> Sourcefire
>> 
