Snort :: Changes 2007-06-13

Sourcefire VRT Rules Update

Date: 2007-06-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.2.

The format of the file is:

sid - Message (rule group)

New rules:
11838 <-> WEB-MISC Win32 API res buffer overflow attempt (web-misc.rules)
11839 <-> WEB-CLIENT TEC-IT TBarCode ActiveX clsid access (web-client.rules)
11840 <-> WEB-CLIENT TEC-IT TBarCode ActiveX clsid unicode access (web-client.rules)
11841 <-> WEB-CLIENT TEC-IT TBarCode ActiveX function call access (web-client.rules)
11842 <-> WEB-CLIENT TEC-IT TBarCode ActiveX function call unicode access (web-client.rules)
11939 <-> WEB-CLIENT Westbyte Internet Download Accelerator ActiveX clsid unicode access (web-client.rules)
11940 <-> WEB-CLIENT Westbyte Internet Download Accelerator ActiveX function call access (web-client.rules)
11941 <-> WEB-CLIENT Westbyte Internet Download Accelerator ActiveX function call unicode access (web-client.rules)
11942 <-> WEB-CLIENT Westbyte internet download accelerator ActiveX clsid access (web-client.rules)
11943 <-> WEB-CLIENT HP ModemUtil ActiveX clsid access (web-client.rules)
11944 <-> WEB-CLIENT HP ModemUtil ActiveX clsid unicode access (web-client.rules)
11947 <-> WEB-CLIENT Windows schannel security package (web-client.rules)

Updated rules:
10381 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A attempt (netbios.rules)
10382 <-> NETBIOS DCERPC DIRECT v4 svcctl ChangeServiceConfig2A attempt (netbios.rules)
10383 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10384 <-> NETBIOS DCERPC DIRECT v4 svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10385 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A object call attempt (netbios.rules)
10386 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A little endian object call attempt (netbios.rules)
11826 <-> WEB-CLIENT Microsoft Voice Control ActiveX clsid access (web-client.rules)
11827 <-> WEB-CLIENT Microsoft Voice Control ActiveX clsid unicode access (web-client.rules)
11828 <-> WEB-CLIENT Microsoft Voice Control ActiveX function call access (web-client.rules)
11829 <-> WEB-CLIENT Microsoft Voice Control ActiveX function call unicode access (web-client.rules)
11830 <-> WEB-CLIENT Microsoft Direct Speech Recognition ActiveX clsid access (web-client.rules)
11831 <-> WEB-CLIENT Microsoft Direct Speech Recognition ActiveX clsid unicode access (web-client.rules)
11832 <-> WEB-CLIENT Microsoft Direct Speech Recognition ActiveX function call access (web-client.rules)
11833 <-> WEB-CLIENT Microsoft Direct Speech Recognition ActiveX function call unicode access (web-client.rules)

Snort

Sourcefire VRT Rules Update

Date: 2007-06-13

Snort Links

Community

Sourcefire