Sourcefire VRT Rules Update

Date: 2007-11-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.6.

The format of the file is:

sid - Message (rule group)

New rules:
12707 <-> WEB-CLIENT RealNetworks RealPlayer lyrics heap overflow attempt (web-client.rules)
12708 <-> RPC MIT Kerberos kadmind auth buffer overflow attempt (rpc.rules)
12709 <-> SPECIFIC-THREATS ASN.1 constructed bit string (specific-threats.rules)
12710 <-> SPECIFIC-THREATS ASN.1 constructed bit string (specific-threats.rules)
12711 <-> WEB-MISC Apache Tomcat WebDAV system tag remote file disclosure attempt (web-misc.rules)
12712 <-> SNMP oversized sysName set request (snmp.rules)
12713 <-> ORACLE pitrig_dropmetadata buffer overflow attempt (oracle.rules)

Updated rules:
5804 <-> DELETED SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - ads (deleted.rules)
5932 <-> SPYWARE-PUT Adware cashbar runtime detection - stats track (spyware-put.rules)
11968 <-> VOIP-SIP Inbound INVITE Message (voip.rules)
11973 <-> VOIP-SIP Via Header Hostname Buffer Overflow Attempt (voip.rules)
12643 <-> WEB-CLIENT URI External handler arbitrary command attempt (web-client.rules)
12680 <-> VOIP-SIP Via Header Hostname Buffer Overflow Attempt - TCP (voip.rules)
12687 <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 url handling code execution attempt (web-client.rules)
12688 <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 url handling code execution attempt (web-client.rules)