Sourcefire VRT Rules Update
Date: 2007-08-07
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.7.
The format of the file is:
sid - Message (rule group)
New rules:
12203 <-> WEB-CLIENT VMWare Vielib.dll ActiveX clsid access (web-client.rules)
12204 <-> WEB-CLIENT VMWare Vielib.dll ActiveX clsid unicode access (web-client.rules)
12205 <-> WEB-CLIENT VMWare Vielib.dll ActiveX function call access (web-client.rules)
12206 <-> WEB-CLIENT VMWare Vielib.dll ActiveX function call unicode access (web-client.rules)
12207 <-> WEB-CLIENT Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX function call access (web-client.rules)
12208 <-> WEB-CLIENT Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX function call unicode access (web-client.rules)
12209 <-> POLICY P2PTv TVAnt udp traffic detected (policy.rules)
12210 <-> POLICY P2PTv TVAnts TCP tracker connect traffic detected (policy.rules)
12211 <-> POLICY P2PTv TVAnts TCP connection traffic detected (policy.rules)
12212 <-> IMAP Ipswitch IMail search date command buffer overflow attempt (imap.rules)
12213 <-> IMAP Ipswitch IMail search date command buffer overflow attempt (imap.rules)
12214 <-> IMAP Ipswitch IMail subscribe command buffer overflow attempt (imap.rules)
12215 <-> IMAP Ipswitch IMail subscribe command buffer overflow attempt (imap.rules)
12216 <-> EXPLOIT Borland interbase Create Request opcode string length buffer overflow attempt (exploit.rules)
12217 <-> EXPLOIT Borland interbase string length buffer overflow attempt (exploit.rules)
12218 <-> EXPLOIT Borland interbase string length buffer overflow attempt (exploit.rules)
12219 <-> WEB-CLIENT SMIL RealPlayer wallclock parsing buffer overflow (web-client.rules)
12220 <-> EXPLOIT IBM Informix Dynamic Server long username (exploit.rules)
12221 <-> WEB-PHP file upload GLOBAL variable overwrite attempt (web-php.rules)
12222 <-> EXPLOIT Squid proxy long WCCP packet (exploit.rules)
12223 <-> EXPLOIT Novell WebAdmin long user name (exploit.rules)

Updated rules:
3455 <-> EXPLOIT Bontago Game Server Nickname buffer overflow (exploit.rules)
4130 <-> EXPLOIT Novell ZenWorks Remote Management Agent buffer overflow Attempt (exploit.rules)
7556 <-> SPYWARE-PUT Hijacker blazefind runtime detection - search bar (spyware-put.rules)
11618 <-> EXPLOIT Trend Micro ServerProtect EarthAgent DCE-RPC Stack overflow (exploit.rules)
11684 <-> EXPLOIT WINS overflow attempt (exploit.rules)
12078 <-> EXPLOIT CA BrightStor LGServer Heap buffer overflow (exploit.rules)
12079 <-> EXPLOIT CA BrightStor LGServer Stack buffer overflow (exploit.rules)
12168 <-> WEB-CLIENT Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX clsid access (web-client.rules)
12169 <-> WEB-CLIENT Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX clsid unicode access (web-client.rules)
12193 <-> WEB-CLIENT Yahoo Widgets Engine ActiveX clsid access (web-client.rules)
12194 <-> WEB-CLIENT Yahoo Widgets Engine ActiveX clsid unicode access (web-client.rules)
12195 <-> WEB-CLIENT Yahoo Widgets Engine ActiveX function call access (web-client.rules)
12196 <-> WEB-CLIENT Yahoo Widgets Engine ActiveX function call unicode access (web-client.rules)
