On 0, Stephanie Tan <stephanie.tan@gmail.com> allegedly wrote:
Hi,
I went through the Snort rules database and the CAN/CVE numbers below
are not in there (I understand not all exist in there anyways).
But I was wondering if anyone has created these rules and if so, if
they could please share them with me?
This one is referenced.
CAN-2002-0150
Sids 1768, 1801, 1802, 1803 and 1804
For the others, see if you can cross-reference with bugtraq numbers and
see if those bugtraq numbers show up first. It may be that the cve
number just isn't referenced. Also take a look in the rule docs, we also
put related references in there.
In fact, see if you can cross reference with any other references. Some
of these are quite old, don't forget to check in deleted.rules. Your
best bet is to look in the sid-msg.map for the refs. Don't discount the
possibility that some detection for these issues may now be done in
pre-processors, I can't say which without looking at each reference
closely.
CAN-2002-0020
CAN-2001-0509
CAN-2001-0508
CAN-2001-0334
CAN-2001-0335
CAN-2001-0151
CAN-2001-0146
CVE-2000-0886
CVE-2000-0770
Thanks,
-Stephanie
+--------------------------------------------------------------------+
Nigel Houghton Research Engineer Sourcefire Inc.
Vulnerability Research Team
Stewie: This is treason.. for God sakes Peter make an example of
her.. nothing says 'obey me' like a bloody head on a fence post.
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id�396&opÌk
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
