Sourcefire VRT Rules Update

Date: 2009-02-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.7.

The format of the file is:

sid - Message (rule group, priority)

Updated rules:
13901 <-> NETBIOS SMB server response heap overflow attempt (netbios.rules, High)
15143 <-> SQL sp_replwritetovarbin unicode vulnerable function attempt (sql.rules, High)
15144 <-> SQL sp_replwritetovarbin vulnerable function attempt (sql.rules, High)
15323 <-> NETBIOS-DG SMB /sql/query andx create tree attempt (netbios.rules, Low)
15324 <-> NETBIOS-DG SMB /sql/query unicode andx create tree attempt (netbios.rules, Low)

New rules:
15319 <-> NETBIOS-DG SMB /sql/query create tree attempt (netbios.rules, Low)
15320 <-> NETBIOS-DG SMB /sql/query unicode create tree attempt (netbios.rules, Low)
15356 <-> SMTP Adobe PDF JBIG2 remote code execution attempt (smtp.rules, High)
15357 <-> WEB-CLIENT Adobe PDF JBIG2 remote code execution attempt (web-client.rules, High)