Sourcefire VRT Rules Update
Date: 2007-10-02
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.7.
The format of the file is:
sid - Message (rule group)
New rules:
12596 <-> EXPLOIT CA BrightStor LGServer username buffer overflow attempt (exploit.rules)
12597 <-> DOS utf8 filename transfer attempt (dos.rules)
12598 <-> WEB-CLIENT Xunlei Web Thunder ActiveX clsid access (web-client.rules)
12599 <-> WEB-CLIENT Xunlei Web Thunder ActiveX clsid unicode access (web-client.rules)
12600 <-> WEB-CLIENT ebCrypt IncrementalHash ActiveX clsid access (web-client.rules)
12601 <-> WEB-CLIENT ebCrypt IncrementalHash ActiveX clsid unicode access (web-client.rules)
12602 <-> WEB-CLIENT ebCrypt IncrementalHash ActiveX function call access (web-client.rules)
12603 <-> WEB-CLIENT ebCrypt IncrementalHash ActiveX function call unicode access (web-client.rules)
12604 <-> WEB-CLIENT ebCrypt PRNGenerator ActiveX clsid access (web-client.rules)
12605 <-> WEB-CLIENT ebCrypt PRNGenerator ActiveX clsid unicode access (web-client.rules)
12606 <-> WEB-CLIENT ebCrypt PRNGenerator ActiveX function call access (web-client.rules)
12607 <-> WEB-CLIENT ebCrypt PRNGenerator ActiveX function call unicode access (web-client.rules)
Updated rules:
638 <-> SHELLCODE SGI NOOP (shellcode.rules)
639 <-> SHELLCODE SGI NOOP (shellcode.rules)
640 <-> SHELLCODE AIX NOOP (shellcode.rules)
641 <-> SHELLCODE Digital UNIX NOOP (shellcode.rules)
642 <-> SHELLCODE HP-UX NOOP (shellcode.rules)
643 <-> SHELLCODE HP-UX NOOP (shellcode.rules)
644 <-> SHELLCODE sparc NOOP (shellcode.rules)
645 <-> SHELLCODE sparc NOOP (shellcode.rules)
646 <-> SHELLCODE sparc NOOP (shellcode.rules)
647 <-> SHELLCODE sparc setuid 0 (shellcode.rules)
648 <-> SHELLCODE x86 NOOP (shellcode.rules)
649 <-> SHELLCODE x86 setgid 0 (shellcode.rules)
650 <-> SHELLCODE x86 setuid 0 (shellcode.rules)
651 <-> SHELLCODE x86 stealth NOOP (shellcode.rules)
652 <-> SHELLCODE Linux shellcode (shellcode.rules)
653 <-> SHELLCODE x86 0x90 unicode NOOP (shellcode.rules)
1390 <-> SHELLCODE x86 inc ebx NOOP (shellcode.rules)
1394 <-> SHELLCODE x86 NOOP (shellcode.rules)
1424 <-> SHELLCODE x86 0xEB0C NOOP (shellcode.rules)
2312 <-> SHELLCODE x86 0x71FB7BAB NOOP (shellcode.rules)
2313 <-> SHELLCODE x86 0x71FB7BAB NOOP unicode (shellcode.rules)
2314 <-> DELETED SHELLCODE x86 0x90 NOOP unicode (deleted.rules)
8426 <-> WEB-MISC SSLv2 openssl get shared ciphers overflow attempt (web-misc.rules)
8427 <-> WEB-MISC SSLv3 openssl get shared ciphers overflow attempt (web-misc.rules)
8428 <-> WEB-MISC SSLv2 openssl get shared ciphers overflow attempt (web-misc.rules)
8429 <-> POP3 SSLv2 openssl get shared ciphers overflow attempt (pop3.rules)
8430 <-> POP3 SSLv3 openssl get shared ciphers overflow attempt (pop3.rules)
8431 <-> POP3 SSLv2 openssl get shared ciphers overflow attempt (pop3.rules)
8432 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8433 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8434 <-> SMTP SSLv3 openssl get shared ciphers overflow attempt (smtp.rules)
8435 <-> SMTP SSLv3 openssl get shared ciphers overflow attempt (smtp.rules)
8436 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8437 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8438 <-> IMAP SSLv2 openssl get shared ciphers overflow attempt (imap.rules)
8439 <-> IMAP SSLv3 openssl get shared ciphers overflow attempt (imap.rules)
8440 <-> IMAP SSLv2 openssl get shared ciphers overflow attempt (imap.rules)
10506 <-> SHELLCODE Canvas shellcode basic encoder (shellcode.rules)
10507 <-> SHELLCODE Canvas shellcode basic encoder (shellcode.rules)
10508 <-> SHELLCODE Canvas shellcode basic encoder (shellcode.rules)
10509 <-> SHELLCODE Canvas shellcode basic encoder (shellcode.rules)
10510 <-> SHELLCODE Canvas shellcode basic encoder (shellcode.rules)
10511 <-> SHELLCODE Canvas shellcode basic encoder (shellcode.rules)
10512 <-> SHELLCODE Canvas shellcode basic encoder (shellcode.rules)
10513 <-> SHELLCODE Canvas shellcode basic encoder (shellcode.rules)
12466 <-> WEB-CLIENT MW6 Technologies QRCode ActiveX clsid access (web-client.rules)
12467 <-> WEB-CLIENT MW6 Technologies QRCode ActiveX clsid unicode access (web-client.rules)
12468 <-> WEB-CLIENT COWON America JetAudio JetFlExt.dll ActiveX clsid access (web-client.rules)
12469 <-> WEB-CLIENT COWON America JetAudio JetFlExt.dll ActiveX clsid unicode access (web-client.rules)
12470 <-> WEB-CLIENT COWON America JetAudio JetFlExt.dll ActiveX function call access (web-client.rules)
12471 <-> WEB-CLIENT COWON America JetAudio JetFlExt.dll ActiveX function call unicode access (web-client.rules)
12472 <-> WEB-CLIENT Sun Java Web Start ActiveX clsid access (web-client.rules)
12473 <-> WEB-CLIENT Sun Java Web Start ActiveX clsid unicode access (web-client.rules)
12474 <-> WEB-CLIENT Sun Java Web Start ActiveX function call access (web-client.rules)
12475 <-> WEB-CLIENT Sun Java Web Start ActiveX function call unicode access (web-client.rules)
12476 <-> WEB-CLIENT Yahoo Messenger CYFT ActiveX clsid access (web-client.rules)
12477 <-> WEB-CLIENT Yahoo Messenger CYFT ActiveX clsid unicode access (web-client.rules)
12478 <-> WEB-CLIENT Yahoo Messenger CYFT ActiveX function call access (web-client.rules)
12479 <-> WEB-CLIENT Yahoo Messenger CYFT ActiveX function call unicode access (web-client.rules)
12593 <-> EXPLOIT Firefox Quicktime chrome exploit (exploit.rules)