Sourcefire VRT Rules Update
Date: 2008-03-04
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group)
New rules:
13523 <-> WEB-CLIENT Novell iPrint ActiveX clsid access (web-client.rules)
13524 <-> WEB-CLIENT Novell iPrint ActiveX clsid unicode access (web-client.rules)
13525 <-> WEB-CLIENT Novell iPrint ActiveX function call access (web-client.rules)
13526 <-> WEB-CLIENT Novell iPrint ActiveX function call unicode access (web-client.rules)
13527 <-> WEB-CLIENT D-Link MPEG4 SHM Audio Control ActiveX clsid access (web-client.rules)
13528 <-> WEB-CLIENT D-Link MPEG4 SHM Audio Control ActiveX clsid unicode access (web-client.rules)
13529 <-> WEB-CLIENT D-Link MPEG4 SHM Audio Control ActiveX function call access (web-client.rules)
13530 <-> WEB-CLIENT D-Link MPEG4 SHM Audio Control ActiveX function call unicode access (web-client.rules)
13531 <-> WEB-CLIENT 4xem VatCtrl ActiveX clsid access (web-client.rules)
13532 <-> WEB-CLIENT 4xem VatCtrl ActiveX clsid unicode access (web-client.rules)
13533 <-> WEB-CLIENT 4xem VatCtrl ActiveX function call access (web-client.rules)
13534 <-> WEB-CLIENT 4xem VatCtrl ActiveX function call unicode access (web-client.rules)
13535 <-> WEB-CLIENT Vivotek RTSP MPEG4 SP Control ActiveX clsid access (web-client.rules)
13536 <-> WEB-CLIENT Vivotek RTSP MPEG4 SP Control ActiveX clsid unicode access (web-client.rules)
13537 <-> WEB-CLIENT Vivotek RTSP MPEG4 SP Control ActiveX function call access (web-client.rules)
13538 <-> WEB-CLIENT Vivotek RTSP MPEG4 SP Control ActiveX function call unicode access (web-client.rules)
13539 <-> WEB-CLIENT Symantec Backup Exec ActiveX clsid access (web-client.rules)
13540 <-> WEB-CLIENT Symantec Backup Exec ActiveX clsid unicode access (web-client.rules)
13541 <-> WEB-CLIENT Symantec Backup Exec ActiveX function call access (web-client.rules)
13542 <-> WEB-CLIENT Symantec Backup Exec ActiveX function call unicode access (web-client.rules)
13543 <-> WEB-CLIENT Learn2 STRunner ActiveX clsid access (web-client.rules)
13544 <-> WEB-CLIENT Learn2 STRunner ActiveX clsid unicode access (web-client.rules)
13545 <-> WEB-CLIENT Learn2 STRunner ActiveX function call access (web-client.rules)
13546 <-> WEB-CLIENT Learn2 STRunner ActiveX function call unicode access (web-client.rules)
13547 <-> WEB-CLIENT Sony ImageStation ActiveX clsid access (web-client.rules)
13548 <-> WEB-CLIENT Sony ImageStation ActiveX clsid unicode access (web-client.rules)
13549 <-> WEB-CLIENT Sony ImageStation ActiveX function call access (web-client.rules)
13550 <-> WEB-CLIENT Sony ImageStation ActiveX function call unicode access (web-client.rules)
13551 <-> ORACLE Oracle XDB.XDB_PITRIG_PKG sql injection attempt (oracle.rules)
13552 <-> EXPLOIT Symantec VERITAS Storage Foundation Suite buffer overflow attempt (exploit.rules)
13553 <-> EXPLOIT Sybase SQL Anywhere Mobilink username string buffer overflow (exploit.rules)
13554 <-> EXPLOIT Sybase SQL Anywhere Mobilink version string buffer overflow (exploit.rules)
13555 <-> EXPLOIT Sybase SQL Anywhere Mobilink remoteID string buffer overflow (exploit.rules)
13556 <-> SPYWARE-PUT Hijacker kword interkey runtime detection - search traffic 1 (spyware-put.rules)
13557 <-> SPYWARE-PUT Hijacker kword interkey runtime detection - search traffic 2 (spyware-put.rules)
13558 <-> SPYWARE-PUT Hijacker kword interkey runtime detection - log user info (spyware-put.rules)
13559 <-> SPYWARE-PUT Hijacker kompass toolbar runtime detection - initial connection (spyware-put.rules)
13560 <-> SPYWARE-PUT Hijacker kompass toolbar runtime detection - search traffic (spyware-put.rules)
13561 <-> SPYWARE-PUT Adware malware alarm runtime detection - presale request (spyware-put.rules)
13562 <-> SPYWARE-PUT Adware malware alarm runtime detection - update request (spyware-put.rules)
13563 <-> SPYWARE-PUT Adware system doctor runtime detection - presale request (spyware-put.rules)
13564 <-> SPYWARE-PUT Adware system doctor runtime detection - update status (spyware-put.rules)
13565 <-> SPYWARE-PUT Trickler iecodec runtime etection - initial traffic (spyware-put.rules)
13566 <-> SPYWARE-PUT Trickler iecodec runtime etection - message dialog (spyware-put.rules)
13567 <-> SPYWARE-PUT Keylogger msn spy monitor runtime detection (spyware-put.rules)
13568 <-> SPYWARE-PUT Keylogger sys keylog 1.3 advanced runtime detection (spyware-put.rules)

Updated rules:
11669 <-> SPECIFIC-THREATS Eudora 250 command response buffer overflow attempt (specific-threats.rules)
12182 <-> POLICY Adobe FLV file transfer (policy.rules)
12183 <-> EXPLOIT Adobe FLV long string script data buffer overflow (exploit.rules)
