Sourcefire VRT Rules Update

Date: 2007-07-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.4.

The format of the file is:

sid <-> Message (rule group)

New rules:
12056 <-> WEB-CGI WhatsUpGold instancename overflow attempt (web-cgi.rules)
12057 <-> WEB-CGI WhatsUpGold configuration access (web-cgi.rules)
12058 <-> SPECIFIC-THREATS Microsoft SPNEGO ASN.1 library heap corruption overflow attempt (specific-threats.rules)
12059 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
12060 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
12062 <-> WEB-CLIENT HP Instant Support ActiveX clsid access (web-client.rules)
12063 <-> WEB-CLIENT HP Instant Support ActiveX clsid unicode access (web-client.rules)
12064 <-> WEB-IIS w3svc _vti_bin null pointer dereference attempt (web-iis.rules)
12065 <-> POLICY Outbound Teredo traffic detected (policy.rules)
12066 <-> POLICY Inbound Teredo traffic detected (policy.rules)
12067 <-> POLICY Outbound Teredo traffic detected (policy.rules)
12068 <-> POLICY Inbound Teredo traffic detected (policy.rules)

Updated rules:
1394 <-> SHELLCODE x86 NOOP (shellcode.rules)
11264 <-> MS-SQL Microsoft SQL Server 2000 Server hello buffer overflow attempt (sql.rules)
11291 <-> WEB-CLIENT Hewlett Packard HPQVWOCX.DL ActiveX clsid access (web-client.rules)
11292 <-> WEB-CLIENT Hewlett Packard HPQVWOCX.DL ActiveX clsid unicode access (web-client.rules)
11686 <-> SPECIFIC-THREATS WebDAV search overflow (specific-threats.rules)