Sourcefire VRT Rules Update

Date: 2007-08-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.6.

The format of the file is:

sid <-> Message (rule group)

New rules:
12203 <-> WEB-CLIENT VMWare Vielib.dll ActiveX clsid access (web-client.rules)
12204 <-> WEB-CLIENT VMWare Vielib.dll ActiveX clsid unicode access (web-client.rules)
12205 <-> WEB-CLIENT VMWare Vielib.dll ActiveX function call access (web-client.rules)
12206 <-> WEB-CLIENT VMWare Vielib.dll ActiveX function call unicode access (web-client.rules)
12207 <-> WEB-CLIENT Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX function call access (web-client.rules)
12208 <-> WEB-CLIENT Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX function call unicode access (web-client.rules)
12209 <-> POLICY P2PTv TVAnt udp traffic detected (policy.rules)
12210 <-> POLICY P2PTv TVAnts TCP tracker connect traffic detected (policy.rules)
12211 <-> POLICY P2PTv TVAnts TCP connection traffic detected (policy.rules)
12212 <-> IMAP Ipswitch IMail search date command buffer overflow attempt (imap.rules)
12213 <-> IMAP Ipswitch IMail search date command buffer overflow attempt (imap.rules)
12214 <-> IMAP Ipswitch IMail subscribe command buffer overflow attempt (imap.rules)
12215 <-> IMAP Ipswitch IMail subscribe command buffer overflow attempt (imap.rules)
12216 <-> EXPLOIT Borland interbase Create Request opcode string length buffer overflow attempt (exploit.rules)
12217 <-> EXPLOIT Borland interbase string length buffer overflow attempt (exploit.rules)
12218 <-> EXPLOIT Borland interbase string length buffer overflow attempt (exploit.rules)
12219 <-> WEB-CLIENT SMIL RealPlayer wallclock parsing buffer overflow (web-client.rules)
12220 <-> EXPLOIT IBM Informix Dynamic Server long username (exploit.rules)
12221 <-> WEB-PHP file upload GLOBAL variable overwrite attempt (web-php.rules)
12222 <-> EXPLOIT Squid proxy long WCCP packet (exploit.rules)
12223 <-> EXPLOIT Novell WebAdmin long user name (exploit.rules)

Updated rules:
3455 <-> EXPLOIT Bontago Game Server Nickname buffer overflow (exploit.rules)
4130 <-> EXPLOIT Novell ZenWorks Remote Management Agent buffer overflow Attempt (exploit.rules)
7556 <-> SPYWARE-PUT Hijacker blazefind runtime detection - search bar (spyware-put.rules)
11618 <-> EXPLOIT Trend Micro ServerProtect EarthAgent DCE-RPC Stack overflow (exploit.rules)
11684 <-> EXPLOIT WINS overflow attempt (exploit.rules)
12078 <-> EXPLOIT CA BrightStor LGServer Heap buffer overflow (exploit.rules)
12079 <-> EXPLOIT CA BrightStor LGServer Stack buffer overflow (exploit.rules)
12168 <-> WEB-CLIENT Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX clsid access (web-client.rules)
12169 <-> WEB-CLIENT Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX clsid unicode access (web-client.rules)
12193 <-> WEB-CLIENT Yahoo Widgets Engine ActiveX clsid access (web-client.rules)
12194 <-> WEB-CLIENT Yahoo Widgets Engine ActiveX clsid unicode access (web-client.rules)
12195 <-> WEB-CLIENT Yahoo Widgets Engine ActiveX function call access (web-client.rules)
12196 <-> WEB-CLIENT Yahoo Widgets Engine ActiveX function call unicode access (web-client.rules)