Sourcefire VRT Rules Update

Date: 2007-06-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.3.

The format of the file is:

sid <-> Message (rule group)

New rules:
11620 <-> WEB-CLIENT DXImageTransform.Microsoft.Chroma ActiveX function call access (web-client.rules)
11622 <-> WEB-CLIENT Microsoft Office 2000 OUACTR ActiveX clsid access (web-client.rules)
11623 <-> WEB-CLIENT Microsoft Office 2000 OUACTR ActiveX clsid unicode access (web-client.rules)
11624 <-> WEB-CLIENT LeadTools ISIS ActiveX clsid access (web-client.rules)
11625 <-> WEB-CLIENT LeadTools ISIS ActiveX clsid unicode access (web-client.rules)
11626 <-> WEB-CLIENT LeadTools ISIS ActiveX function call access (web-client.rules)
11627 <-> WEB-CLIENT LeadTools ISIS ActiveX function call unicode access (web-client.rules)
11628 <-> WEB-CLIENT LeadTools JPEG 2000 COM Object ActiveX function call access (web-client.rules)
11630 <-> WEB-CLIENT LeadTools Raster Dialog File Object ActiveX clsid access (web-client.rules)
11631 <-> WEB-CLIENT LeadTools Raster Dialog File Object ActiveX clsid unicode access (web-client.rules)
11632 <-> WEB-CLIENT LeadTools Raster Dialog File Object ActiveX function call access (web-client.rules)
11634 <-> WEB-CLIENT LeadTools Raster Dialog File_D Object ActiveX clsid access (web-client.rules)
11635 <-> WEB-CLIENT LeadTools Raster Dialog File_D Object ActiveX clsid unicode access (web-client.rules)
11636 <-> WEB-CLIENT LeadTools Raster Dialog File_D Object ActiveX function call access (web-client.rules)
11638 <-> WEB-CLIENT LeadTools Raster Document Object Library ActiveX clsid access (web-client.rules)
11639 <-> WEB-CLIENT LeadTools Raster Document Object Library ActiveX clsid unicode access (web-client.rules)
11640 <-> WEB-CLIENT LeadTools Raster Document Object Library ActiveX function call access (web-client.rules)
11642 <-> WEB-CLIENT LeadTools Raster ISIS Object ActiveX clsid access (web-client.rules)
11643 <-> WEB-CLIENT LeadTools Raster ISIS Object ActiveX clsid unicode access (web-client.rules)
11644 <-> WEB-CLIENT LeadTools Raster ISIS Object ActiveX function call access (web-client.rules)
11645 <-> WEB-CLIENT LeadTools Raster ISIS Object ActiveX function call unicode access (web-client.rules)
11646 <-> WEB-CLIENT LeadTools Raster Thumbnail Object Library ActiveX clsid access (web-client.rules)
11647 <-> WEB-CLIENT LeadTools Raster Thumbnail Object Library ActiveX clsid unicode access (web-client.rules)
11648 <-> WEB-CLIENT LeadTools Raster Thumbnail Object Library ActiveX function call access (web-client.rules)
11650 <-> WEB-CLIENT LeadTools Raster Variant Object Library ActiveX clsid access (web-client.rules)
11651 <-> WEB-CLIENT LeadTools Raster Variant Object Library ActiveX clsid unicode access (web-client.rules)
11652 <-> WEB-CLIENT LeadTools Raster Variant Object Library ActiveX function call access (web-client.rules)
11654 <-> WEB-CLIENT LeadTools Thumbnail Browser Control ActiveX clsid access (web-client.rules)
11655 <-> WEB-CLIENT LeadTools Thumbnail Browser Control ActiveX clsid unicode access (web-client.rules)
11656 <-> WEB-CLIENT LeadTools Thumbnail Browser Control ActiveX function call access (web-client.rules)
11657 <-> WEB-CLIENT LeadTools Thumbnail Browser Control ActiveX function call unicode access (web-client.rules)
11658 <-> WEB-CLIENT Dart ZipLite Compression ActiveX clsid access (web-client.rules)
11659 <-> WEB-CLIENT Dart ZipLite Compression ActiveX clsid unicode access (web-client.rules)
11660 <-> WEB-CLIENT EDraw Office Viewer ActiveX clsid access (web-client.rules)
11661 <-> WEB-CLIENT EDraw Office Viewer ActiveX clsid unicode access (web-client.rules)
11662 <-> WEB-CLIENT EDraw Office Viewer ActiveX function call access (web-client.rules)
11664 <-> WEB-PHP sphpblog password.txt access attempt (web-php.rules)
11665 <-> WEB-PHP sphpblog install03_cgi access attempt (web-php.rules)
11666 <-> WEB-PHP sphpblog upload_img_cgi access attempt (web-php.rules)
11667 <-> WEB-PHP sphpblog arbitrary file delete attempt (web-php.rules)
11668 <-> WEB-PHP vbulletin php code injection (web-php.rules)
11669 <-> SPECIFIC-THREATS Eudora 250 command response buffer overflow (specific-threats.rules)
11671 <-> WEB-MISC SSLv2 Server_Hello request from SSLv3 Client_Hello request (web-misc.rules)
11673 <-> WEB-CLIENT Zenturi ProgramChecker ActiveX clsid access (web-client.rules)
11674 <-> WEB-CLIENT Zenturi ProgramChecker ActiveX clsid unicode access (web-client.rules)
11675 <-> WEB-CLIENT Zenturi ProgramChecker ActiveX function call access (web-client.rules)
11677 <-> WEB-CLIENT Provideo Camimage Class ISSCamControl ActiveX clsid access (web-client.rules)
11678 <-> WEB-CLIENT Provideo Camimage Class ISSCamControl ActiveX clsid unicode access (web-client.rules)
11679 <-> WEB-MISC Apache mod_rewrite buffer overflow attempt (web-misc.rules)
11680 <-> MISC Sun Java web proxy sockd buffer overflow attempt (misc.rules)
11681 <-> EXPLOIT Openview Omni II command bypass attempt (exploit.rules)
11684 <-> EXPLOIT WINS Overflow attempt (exploit.rules)
11685 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
11687 <-> WEB-MISC Apache SSI error page cross-site scripting (web-misc.rules)
11688 <-> NETBIOS SMB nddeapi bind attempt (netbios.rules)
11689 <-> NETBIOS SMB nddeapi unicode bind attempt (netbios.rules)
11690 <-> NETBIOS SMB nddeapi WriteAndX bind attempt (netbios.rules)
11691 <-> NETBIOS SMB nddeapi WriteAndX unicode bind attempt (netbios.rules)
11692 <-> NETBIOS SMB-DS nddeapi bind attempt (netbios.rules)
11693 <-> NETBIOS SMB-DS nddeapi WriteAndX bind attempt (netbios.rules)
11694 <-> NETBIOS SMB-DS nddeapi unicode bind attempt (netbios.rules)
11695 <-> NETBIOS SMB-DS nddeapi WriteAndX unicode bind attempt (netbios.rules)
11696 <-> NETBIOS SMB nddeapi little endian bind attempt (netbios.rules)
11697 <-> NETBIOS SMB nddeapi WriteAndX little endian bind attempt (netbios.rules)
11698 <-> NETBIOS SMB nddeapi unicode little endian bind attempt (netbios.rules)
11699 <-> NETBIOS SMB nddeapi WriteAndX unicode little endian bind attempt (netbios.rules)
11700 <-> NETBIOS SMB-DS nddeapi little endian bind attempt (netbios.rules)
11701 <-> NETBIOS SMB-DS nddeapi WriteAndX little endian bind attempt (netbios.rules)
11702 <-> NETBIOS SMB-DS nddeapi unicode little endian bind attempt (netbios.rules)
11703 <-> NETBIOS SMB-DS nddeapi WriteAndX unicode little endian bind attempt (netbios.rules)
11704 <-> NETBIOS SMB nddeapi andx alter context attempt (netbios.rules)
11705 <-> NETBIOS SMB nddeapi unicode andx alter context attempt (netbios.rules)
11706 <-> NETBIOS SMB nddeapi WriteAndX andx alter context attempt (netbios.rules)
11707 <-> NETBIOS SMB nddeapi WriteAndX unicode andx alter context attempt (netbios.rules)
11708 <-> NETBIOS SMB-DS nddeapi andx alter context attempt (netbios.rules)
11709 <-> NETBIOS SMB-DS nddeapi WriteAndX andx alter context attempt (netbios.rules)
11710 <-> NETBIOS SMB-DS nddeapi unicode andx alter context attempt (netbios.rules)
11711 <-> NETBIOS SMB-DS nddeapi WriteAndX unicode andx alter context attempt (netbios.rules)
11712 <-> NETBIOS SMB nddeapi little endian andx alter context attempt (netbios.rules)
11713 <-> NETBIOS SMB nddeapi WriteAndX little endian andx alter context attempt (netbios.rules)
11714 <-> NETBIOS SMB nddeapi unicode little endian andx alter context attempt (netbios.rules)
11715 <-> NETBIOS SMB nddeapi WriteAndX unicode little endian andx alter context attempt (netbios.rules)
11716 <-> NETBIOS SMB-DS nddeapi little endian andx alter context attempt (netbios.rules)
11717 <-> NETBIOS SMB-DS nddeapi WriteAndX little endian andx alter context attempt (netbios.rules)
11718 <-> NETBIOS SMB-DS nddeapi unicode little endian andx alter context attempt (netbios.rules)
11719 <-> NETBIOS SMB-DS nddeapi WriteAndX unicode little endian andx alter context attempt (netbios.rules)
11720 <-> NETBIOS SMB nddeapi andx bind attempt (netbios.rules)
11721 <-> NETBIOS SMB nddeapi unicode andx bind attempt (netbios.rules)
11722 <-> NETBIOS SMB nddeapi WriteAndX andx bind attempt (netbios.rules)
11723 <-> NETBIOS SMB nddeapi WriteAndX unicode andx bind attempt (netbios.rules)
11724 <-> NETBIOS SMB-DS nddeapi andx bind attempt (netbios.rules)
11725 <-> NETBIOS SMB-DS nddeapi WriteAndX andx bind attempt (netbios.rules)
11726 <-> NETBIOS SMB-DS nddeapi unicode andx bind attempt (netbios.rules)
11727 <-> NETBIOS SMB-DS nddeapi WriteAndX unicode andx bind attempt (netbios.rules)
11728 <-> NETBIOS SMB nddeapi little endian andx bind attempt (netbios.rules)
11729 <-> NETBIOS SMB nddeapi WriteAndX little endian andx bind attempt (netbios.rules)
11730 <-> NETBIOS SMB nddeapi unicode little endian andx bind attempt (netbios.rules)
11731 <-> NETBIOS SMB nddeapi WriteAndX unicode little endian andx bind attempt (netbios.rules)
11732 <-> NETBIOS SMB-DS nddeapi little endian andx bind attempt (netbios.rules)
11733 <-> NETBIOS SMB-DS nddeapi WriteAndX little endian andx bind attempt (netbios.rules)
11734 <-> NETBIOS SMB-DS nddeapi unicode little endian andx bind attempt (netbios.rules)
11735 <-> NETBIOS SMB-DS nddeapi WriteAndX unicode little endian andx bind attempt (netbios.rules)
11816 <-> NETBIOS Session Service NetDDE attack (netbios.rules)
11817 <-> WEB-CGI WhatsUpGold configuration access (web-cgi.rules)
11818 <-> WEB-CLIENT Yahoo Webcam Viewer Wrapper ActiveX clsid access (web-client.rules)
11819 <-> WEB-CLIENT Yahoo Webcam Viewer Wrapper ActiveX clsid unicode access (web-client.rules)
11820 <-> WEB-CLIENT Yahoo Webcam Viewer Wrapper ActiveX function call access (web-client.rules)
11821 <-> WEB-CLIENT Yahoo Webcam Viewer Wrapper ActiveX function call unicode access (web-client.rules)
11822 <-> WEB-CLIENT Yahoo Webcam Upload ActiveX clsid access (web-client.rules)
11823 <-> WEB-CLIENT Yahoo Webcam Upload ActiveX clsid unicode access (web-client.rules)
11824 <-> WEB-CLIENT Yahoo Webcam Upload ActiveX function call access (web-client.rules)
11825 <-> WEB-CLIENT Yahoo Webcam Upload ActiveX function call unicode access (web-client.rules)

Updated rules:
1321 <-> BAD-TRAFFIC 0 ttl (bad-traffic.rules)
1394 <-> SHELLCODE x86 NOOP (shellcode.rules)
1399 <-> WEB-PHP PHP-Nuke remote file include attempt (web-php.rules)
1882 <-> ATTACK-RESPONSES id check returned userid (attack-responses.rules)
2002 <-> WEB-PHP remote include path (web-php.rules)
2143 <-> WEB-PHP b2 cafelog gm-2-b2.php remote file include attempt (web-php.rules)
2147 <-> WEB-PHP BLNews objects.inc.php4 remote file include attempt (web-php.rules)
2150 <-> WEB-PHP ttCMS header.php remote file include attempt (web-php.rules)
2155 <-> WEB-PHP ttforum remote file include attempt (web-php.rules)
2226 <-> WEB-PHP pmachine remote file include attempt (web-php.rules)
2306 <-> WEB-PHP gallery remote file include attempt (web-php.rules)
2307 <-> WEB-PHP PayPal Storefront remote file include attempt (web-php.rules)
2575 <-> WEB-PHP Opt-X header.php remote file include attempt (web-php.rules)
2582 <-> WEB-MISC Crystal Reports crystalImageHandler.aspx directory traversal attempt (web-misc.rules)
2597 <-> WEB-MISC Samba SWAT Authorization overflow attempt (web-misc.rules)
2598 <-> WEB-MISC Samba SWAT Authorization port 901 overflow attempt (web-misc.rules)
2928 <-> NETBIOS SMB-DS nddeapi little endian alter context attempt (netbios.rules)
2929 <-> NETBIOS SMB-DS nddeapi WriteAndX little endian alter context attempt (netbios.rules)
2930 <-> NETBIOS SMB-DS nddeapi unicode little endian alter context attempt (netbios.rules)
2931 <-> NETBIOS SMB-DS nddeapi WriteAndX unicode little endian alter context attempt (netbios.rules)
2932 <-> NETBIOS SMB nddeapi alter context attempt (netbios.rules)
2933 <-> NETBIOS SMB nddeapi unicode alter context attempt (netbios.rules)
2934 <-> NETBIOS SMB-DS nddeapi alter context attempt (netbios.rules)
2935 <-> NETBIOS SMB-DS nddeapi WriteAndX alter context attempt (netbios.rules)
2956 <-> NETBIOS SMB nddeapi little endian alter context attempt (netbios.rules)
2957 <-> NETBIOS SMB nddeapi WriteAndX little endian alter context attempt (netbios.rules)
2958 <-> NETBIOS SMB nddeapi unicode little endian alter context attempt (netbios.rules)
2959 <-> NETBIOS SMB nddeapi WriteAndX unicode little endian alter context attempt (netbios.rules)
2960 <-> NETBIOS SMB nddeapi WriteAndX alter context attempt (netbios.rules)
2961 <-> NETBIOS SMB nddeapi WriteAndX unicode alter context attempt (netbios.rules)
2962 <-> NETBIOS SMB-DS nddeapi unicode alter context attempt (netbios.rules)
2963 <-> NETBIOS SMB-DS nddeapi WriteAndX unicode alter context attempt (netbios.rules)
4638 <-> EXPLOIT RSVP Protocol zero length object DoS attempt (exploit.rules)
5694 <-> P2P Skype client setup get newest version attempt (p2p.rules)
7908 <-> WEB-CLIENT DXImageTransform.Microsoft.Chroma ActiveX clsid access (web-client.rules)
7909 <-> WEB-CLIENT DXImageTransform.Microsoft.Chroma ActiveX clsid unicode access (web-client.rules)
10106 <-> DELETED BACKDOOR icmp cmd 1.0 runtime detection - download file (deleted.rules)
11193 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
11194 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
11223 <-> WEB-MISC google proxystylesheet arbitrary command execution attempt (web-misc.rules)
11264 <-> MS-SQL Microsoft SQL Server 2000 Server hello buffer overflow attempt (sql.rules)
11273 <-> WEB-MISC Apache header parsing space saturation denial of service attempt (web-misc.rules)
11315 <-> DELETED BACKDOOR ykw v375 runtime detection (deleted.rules)
11616 <-> WEB-MISC Symantec Sygate Policy Manager SQL injection (web-misc.rules)