Sourcefire VRT Rules Update

Date: 2008-06-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.7.

The format of the file is:

sid - Message (rule group)

New rules:
13844 <-> SPECIFIC-THREATS BDAT size longer than contents exploit attempt (specific-threats.rules)
13845 <-> SPECIFIC-THREATS BDAT size public exploit attempt (specific-threats.rules)
13846 <-> SPECIFIC-THREATS Veritas Backup Agent password overflow attempt (specific-threats.rules)

Updated rules:
3599 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject little endian object call overflow attempt (netbios.rules)
12279 <-> WEB-CLIENT Microsoft XML substringData integer overflow attempt (web-client.rules)
13620 <-> SPECIFIC-THREATS CA Brightstor discovery service alternate buffer overflow attempt (specific-threats.rules)
13817 <-> SPECIFIC-THREATS xmlrpc.php command injection attempt (specific-threats.rules)
13818 <-> SPECIFIC-THREATS alternate xmlrpc.php command injection attempt (specific-threats.rules)