Sourcefire VRT Rules Update

Date: 2008-08-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.7.

The format of the file is:

sid - Message (rule group)

New rules:
14039 <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules)
14040 <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules)
14041 <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules)
14042 <-> WEB-CLIENT RealPlayer General Property Page ActiveX clsid access (web-client.rules)
14043 <-> WEB-CLIENT RealPlayer General Property Page ActiveX clsid unicode access (web-client.rules)
14044 <-> WEB-CLIENT RealPlayer Playback Handler ActiveX function call access (web-client.rules)
14045 <-> WEB-CLIENT RealPlayer Playback Handler ActiveX function call unicode access (web-client.rules)
14046 <-> WEB-CLIENT RealPlayer RMP Download Handler ActiveX function call access (web-client.rules)
14047 <-> WEB-CLIENT RealPlayer RMP Download Handler ActiveX function call unicode access (web-client.rules)
14048 <-> WEB-CLIENT RealPlayer RNX Download Handler ActiveX function call access (web-client.rules)
14049 <-> WEB-CLIENT RealPlayer RNX Download Handler ActiveX function call unicode access (web-client.rules)
14050 <-> WEB-CLIENT RealPlayer SMIL Download Handler ActiveX function call access (web-client.rules)
14051 <-> WEB-CLIENT RealPlayer SMIL Download Handler ActiveX function call unicode access (web-client.rules)
14052 <-> WEB-CLIENT RealPlayer Stream Handler ActiveX function call access (web-client.rules)
14053 <-> WEB-CLIENT RealPlayer Stream Handler ActiveX function call unicode access (web-client.rules)

Updated rules:
2515 <-> WEB-MISC PCT Client_Hello overflow attempt (web-misc.rules)
2521 <-> WEB-MISC SSLv3 Server_Hello request (web-misc.rules)
2660 <-> WEB-MISC SSLv2 Server_Hello request (web-misc.rules)
8377 <-> WEB-CLIENT RealPlayer Download Handler ActiveX clsid access (web-client.rules)
8378 <-> WEB-CLIENT RealPlayer Download Handler ActiveX clsid unicode access (web-client.rules)
8381 <-> WEB-CLIENT RealPlayer SMIL Download Handler ActiveX clsid access (web-client.rules)
8382 <-> WEB-CLIENT RealPlayer SMIL Download Handler ActiveX clsid unicode access (web-client.rules)
8383 <-> WEB-CLIENT RealPlayer RAM Download Handler ActiveX clsid access (web-client.rules)
8384 <-> WEB-CLIENT RealPlayer RAM Download Handler ActiveX clsid unicode access (web-client.rules)
8385 <-> WEB-CLIENT RealPlayer Playback Handler ActiveX clsid access (web-client.rules)
8386 <-> WEB-CLIENT RealPlayer Playback Handler ActiveX clsid unicode access (web-client.rules)
8387 <-> WEB-CLIENT RealPlayer RNX Download Handler ActiveX clsid access (web-client.rules)
8388 <-> WEB-CLIENT RealPlayer RNX Download Handler ActiveX clsid unicode access (web-client.rules)
8389 <-> WEB-CLIENT RealPlayer RMP Download Handler ActiveX clsid access (web-client.rules)
8390 <-> WEB-CLIENT RealPlayer RMP Download Handler ActiveX clsid unicode access (web-client.rules)
8409 <-> WEB-CLIENT RealPlayer Stream Handler ActiveX clsid access (web-client.rules)
8410 <-> WEB-CLIENT RealPlayer Stream Handler ActiveX clsid unicode access (web-client.rules)
12766 <-> WEB-CLIENT RealPlayer RMOC3260.DLL ActiveX clsid access (web-client.rules)
12767 <-> WEB-CLIENT RealPlayer RMOC3260.DLL ActiveX clsid unicode access (web-client.rules)
12768 <-> WEB-CLIENT RealPlayer RMOC3260.DLL ActiveX function call access (web-client.rules)
12769 <-> WEB-CLIENT RealPlayer RMOC3260.DLL ActiveX function call unicode access (web-client.rules)
13603 <-> WEB-CLIENT RealPlayer Download Handler ActiveX function call access (web-client.rules)
13604 <-> WEB-CLIENT RealPlayer Download Handler ActiveX function call unicode access (web-client.rules)
13605 <-> WEB-CLIENT RealPlayer RAM Download Handler ActiveX function call access (web-client.rules)
13606 <-> WEB-CLIENT RealPlayer RAM Download Handler ActiveX function call unicode access (web-client.rules)
13923 <-> SMTP MailEnable SMTP HELO command denial of service attempt (smtp.rules)
14021 <-> WEB-CLIENT Microsoft Visual Studio Msmask32 ActiveX clsid access (web-client.rules)
14022 <-> WEB-CLIENT Microsoft Visual Studio Msmask32 ActiveX clsid unicode access (web-client.rules)
14023 <-> WEB-CLIENT Microsoft Visual Studio Msmask32 ActiveX function call access (web-client.rules)
14024 <-> WEB-CLIENT Microsoft Visual Studio Msmask32 ActiveX function call unicode access (web-client.rules)