Snort :: Changes 2008-12-23

Sourcefire VRT Rules Update

Date: 2008-12-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.7.
The format of the file is:
sid - Message (rule group, priority)
New rules:
15163 <-> SPECIFIC-THREATS Microsoft Visio Object Header Buffer Overflow attempt (specific-threats.rules, High)
15164 <-> SPECIFIC-THREATS Mozilla Products SVG Layout Engine Index Parameter memory corruption attempt (specific-threats.rules, High)
15165 <-> BACKDOOR Pushdo client communication attempt (backdoor.rules, High)
15166 <-> WEB-CLIENT VideoLAN VLC Media Player RealText buffer overflow attempt (web-client.rules, High)

Updated rules:
2422 <-> MULTIMEDIA realplayer .rt playlist download attempt (multimedia.rules, Low)
12307 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _SetPagerNotifyConfig little endian attempt (netbios.rules, Low)
12308 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules, Low)
12309 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules, Low)
12310 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig little endian attempt (netbios.rules, Low)
12311 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig object call attempt (netbios.rules, Low)
12312 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig little endian object call attempt (netbios.rules, Low)
12323 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules, Low)
12324 <-> NETBIOS DCERPC DIRECT trend-serverprotect _AddTaskExportLogItem little endian attempt (netbios.rules, Low)
12325 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _AddTaskExportLogItem little endian attempt (netbios.rules, Low)
12326 <-> NETBIOS DCERPC DIRECT trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules, Low)
12327 <-> NETBIOS DCERPC DIRECT trend-serverprotect _AddTaskExportLogItem little endian object call attempt (netbios.rules, Low)
12328 <-> NETBIOS DCERPC DIRECT trend-serverprotect _AddTaskExportLogItem object call attempt (netbios.rules, Low)
12329 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _TakeActionOnAFile attempt (netbios.rules, Low)
12330 <-> NETBIOS DCERPC DIRECT trend-serverprotect _TakeActionOnAFile little endian attempt (netbios.rules, Low)
12331 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _TakeActionOnAFile little endian attempt (netbios.rules, Low)
12332 <-> NETBIOS DCERPC DIRECT trend-serverprotect _TakeActionOnAFile attempt (netbios.rules, Low)
12333 <-> NETBIOS DCERPC DIRECT trend-serverprotect _TakeActionOnAFile little endian object call attempt (netbios.rules, Low)
12334 <-> NETBIOS DCERPC DIRECT trend-serverprotect _TakeActionOnAFile object call attempt (netbios.rules, Low)
12335 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules, High)
12336 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules, High)
12337 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_30010 little endian overflow attempt (netbios.rules, High)
12338 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect Trent_req_num_30010 little endian overflow attempt (netbios.rules, High)
12339 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_30010 object call overflow attempt (netbios.rules, High)
12340 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_30010 little endian object call overflow attempt (netbios.rules, High)
12341 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 little endian attempt (netbios.rules, Low)
12342 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules, Low)
12343 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules, Low)
12344 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect Trent_req_num_a0030 little endian attempt (netbios.rules, Low)
12345 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 little endian object call attempt (netbios.rules, Low)
12346 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 object call attempt (netbios.rules, Low)
12347 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _SetSvcImpersonateUser little endian attempt (netbios.rules, Low)
12348 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser little endian attempt (netbios.rules, Low)
12349 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules, Low)
12350 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules, Low)
12351 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser little endian object call attempt (netbios.rules, Low)
12352 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser object call attempt (netbios.rules, Low)
13364 <-> SMTP Novell GroupWise client IMG SRC buffer overflow (smtp.rules, High)
Snort

Sourcefire VRT Rules Update

Date: 2008-12-23

Snort Links

Community

Sourcefire
