Sourcefire VRT Rules Update
Date: 2007-07-10
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.4.
The format of the file is:
sid - Message (rule group)
New rules: 12056 <-> WEB-CGI WhatsUpGold instancename overflow attempt (web-cgi.rules) 12057 <-> WEB-CGI WhatsUpGold configuration access (web-cgi.rules) 12058 <-> SPECIFIC-THREATS Microsoft SPNEGO ASN.1 library heap corruption overflow attempt (specific-threats.rules) 12059 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules) 12060 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules) 12062 <-> WEB-CLIENT HP Instant Support ActiveX clsid access (web-client.rules) 12063 <-> WEB-CLIENT HP Instant Support ActiveX clsid unicode access (web-client.rules) 12064 <-> WEB-IIS w3svc _vti_bin null pointer dereference attempt (web-iis.rules) 12065 <-> POLICY Outbound Teredo traffic detected (policy.rules) 12066 <-> POLICY Inbound Teredo traffic detected (policy.rules) 12067 <-> POLICY Outbound Teredo traffic detected (policy.rules) 12068 <-> POLICY Inbound Teredo traffic detected (policy.rules) Updated rules: 1394 <-> SHELLCODE x86 NOOP (shellcode.rules) 11264 <-> MS-SQL Microsoft SQL Server 2000 Server hello buffer overflow attempt (sql.rules) 11291 <-> WEB-CLIENT Hewlett Packard HPQVWOCX.DL ActiveX clsid access (web-client.rules) 11292 <-> WEB-CLIENT Hewlett Packard HPQVWOCX.DL ActiveX clsid unicode access (web-client.rules) 11686 <-> SPECIFIC-THREATS WebDAV search overflow (specific-threats.rules)
