Thursday, September 25, 2014

Snort Community Rule Set out-of-band release for CVE-2014-7169, CVE-2014-6271

Our Snort Community Rule Set is normally published every morning, however, because of the increasing interest in vulnerability CVE-2014-6271 and CVE-2014-7169, commonly known as "that bad bash vulnerability", we've pushed the coverage written for the vulnerability into the Snort Community Ruleset to allow everyone to get it for free, without delay.

The Snort Community Rule Set is available for immediate download at: https://www.snort.org/downloads.

Rules 31975-31978,31985 cover this vulnerability from several different attack vectors.  Further research is under way on additional attack vectors, and further coverage will be posted at that time.

If you run a pulledpork update, and have the community ruleset enabled (which it is by default):

rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community

 You will download the latest update.