[Snort-users] apparent discrepancies at http://www.snort.org/vrt/

Tim Maletic tmaletic at ...11827...
Thu Feb 12 14:09:01 EST 2009


At http://www.snort.org/vrt/advisories/vrt-rules-2009-02-10.html, we
see the following GID|SIDs listed:
GID 3, SIDs 15304 and 15305.
GID 3, SIDs 15301 and 15302.
GID 1, SIDs 15127 through 15144.
GID 3, SIDs 15298, 15299 and 15303.

But at http://www.snort.org/vrt/docs/ruleset_changelogs/2_8/changes-2009-02-10.html,
we see this list:

New rules:
15307 <-> WEB-ACTIVEX Microsoft Animation Control ActiveX clsid access
(web-activex.rules, High)
15308 <-> WEB-ACTIVEX Microsoft Animation Control ActiveX clsid
unicode access (web-activex.rules, High)
15309 <-> WEB-ACTIVEX Microsoft Animation Control ActiveX function
call access (web-activex.rules, High)
15310 <-> WEB-ACTIVEX Microsoft Animation Control ActiveX function
call unicode access (web-activex.rules, High)
15311 <-> WEB-ACTIVEX Research In Motion AxLoader ActiveX clsid access
(web-activex.rules, High)
15312 <-> WEB-ACTIVEX Research In Motion AxLoader ActiveX clsid
unicode access (web-activex.rules, High)
15313 <-> WEB-ACTIVEX Research In Motion AxLoader ActiveX function
call access (web-activex.rules, High)
15314 <-> WEB-ACTIVEX Research In Motion AxLoader ActiveX function
call unicode access (web-activex.rules, High)
15315 <-> WEB-ACTIVEX Akamai DownloadManager ActiveX clsid access
(web-activex.rules, High)
15316 <-> WEB-ACTIVEX Akamai DownloadManager ActiveX clsid unicode
access (web-activex.rules, High)
15317 <-> WEB-ACTIVEX Akamai DownloadManager ActiveX function call
access (web-activex.rules, High)
15318 <-> WEB-ACTIVEX Akamai DownloadManager ActiveX function call
unicode access (web-activex.rules, High)

Can someone explain the discrepancy?  Why do the SIDs in the advisory
not appear in the changelog?
-tm




More information about the Snort-users mailing list