Sourcefire VRT Rules Update

Date: 2008-05-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.7.

The format of the file is:

sid - Message (rule group)

New rules:
13797 <-> WEB-CLIENT pe compact binary download (web-client.rules)
13799 <-> WEB-MISC IBM Lotus Expeditor cai URI Handler Command Execution attempt (web-misc.rules)
13800 <-> EXPLOIT ARCServe LGServer service data overflow attempt (exploit.rules)
13801 <-> WEB-CLIENT RTF file download (web-client.rules)
13804 <-> MISC Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (misc.rules)
13805 <-> RPC portmap CA BrightStor ARCserve tcp procedure 234 attempt (rpc.rules)
13807 <-> WEB-CLIENT Windows metafile SetPaletteEntries heap overflow attempt (web-client.rules)

Updated rules:
12079 <-> EXPLOIT CA BrightStor LGServer Stack buffer overflow (exploit.rules)
13715 <-> WEB-MISC HP OpenView Network Node Manager HTTP Handling buffer overflow attempt (web-misc.rules)