Sourcefire VRT Rules Update

Date: 2008-03-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group)

New rules:
13523 <-> WEB-CLIENT Novell iPrint ActiveX clsid access (web-client.rules)
13524 <-> WEB-CLIENT Novell iPrint ActiveX clsid unicode access (web-client.rules)
13525 <-> WEB-CLIENT Novell iPrint ActiveX function call access (web-client.rules)
13526 <-> WEB-CLIENT Novell iPrint ActiveX function call unicode access (web-client.rules)
13527 <-> WEB-CLIENT D-Link MPEG4 SHM Audio Control ActiveX clsid access (web-client.rules)
13528 <-> WEB-CLIENT D-Link MPEG4 SHM Audio Control ActiveX clsid unicode access (web-client.rules)
13529 <-> WEB-CLIENT D-Link MPEG4 SHM Audio Control ActiveX function call access (web-client.rules)
13530 <-> WEB-CLIENT D-Link MPEG4 SHM Audio Control ActiveX function call unicode access (web-client.rules)
13531 <-> WEB-CLIENT 4xem VatCtrl ActiveX clsid access (web-client.rules)
13532 <-> WEB-CLIENT 4xem VatCtrl ActiveX clsid unicode access (web-client.rules)
13533 <-> WEB-CLIENT 4xem VatCtrl ActiveX function call access (web-client.rules)
13534 <-> WEB-CLIENT 4xem VatCtrl ActiveX function call unicode access (web-client.rules)
13535 <-> WEB-CLIENT Vivotek RTSP MPEG4 SP Control ActiveX clsid access (web-client.rules)
13536 <-> WEB-CLIENT Vivotek RTSP MPEG4 SP Control ActiveX clsid unicode access (web-client.rules)
13537 <-> WEB-CLIENT Vivotek RTSP MPEG4 SP Control ActiveX function call access (web-client.rules)
13538 <-> WEB-CLIENT Vivotek RTSP MPEG4 SP Control ActiveX function call unicode access (web-client.rules)
13539 <-> WEB-CLIENT Symantec Backup Exec ActiveX clsid access (web-client.rules)
13540 <-> WEB-CLIENT Symantec Backup Exec ActiveX clsid unicode access (web-client.rules)
13541 <-> WEB-CLIENT Symantec Backup Exec ActiveX function call access (web-client.rules)
13542 <-> WEB-CLIENT Symantec Backup Exec ActiveX function call unicode access (web-client.rules)
13543 <-> WEB-CLIENT Learn2 STRunner ActiveX clsid access (web-client.rules)
13544 <-> WEB-CLIENT Learn2 STRunner ActiveX clsid unicode access (web-client.rules)
13545 <-> WEB-CLIENT Learn2 STRunner ActiveX function call access (web-client.rules)
13546 <-> WEB-CLIENT Learn2 STRunner ActiveX function call unicode access (web-client.rules)
13547 <-> WEB-CLIENT Sony ImageStation ActiveX clsid access (web-client.rules)
13548 <-> WEB-CLIENT Sony ImageStation ActiveX clsid unicode access (web-client.rules)
13549 <-> WEB-CLIENT Sony ImageStation ActiveX function call access (web-client.rules)
13550 <-> WEB-CLIENT Sony ImageStation ActiveX function call unicode access (web-client.rules)
13551 <-> ORACLE Oracle XDB.XDB_PITRIG_PKG sql injection attempt (oracle.rules)
13552 <-> EXPLOIT Symantec VERITAS Storage Foundation Suite buffer overflow attempt (exploit.rules)
13553 <-> EXPLOIT Sybase SQL Anywhere Mobilink username string buffer overflow (exploit.rules)
13554 <-> EXPLOIT Sybase SQL Anywhere Mobilink version string buffer overflow (exploit.rules)
13555 <-> EXPLOIT Sybase SQL Anywhere Mobilink remoteID string buffer overflow (exploit.rules)
13556 <-> SPYWARE-PUT Hijacker kword interkey runtime detection - search traffic 1 (spyware-put.rules)
13557 <-> SPYWARE-PUT Hijacker kword interkey runtime detection - search traffic 2 (spyware-put.rules)
13558 <-> SPYWARE-PUT Hijacker kword interkey runtime detection - log user info (spyware-put.rules)
13559 <-> SPYWARE-PUT Hijacker kompass toolbar runtime detection - initial connection (spyware-put.rules)
13560 <-> SPYWARE-PUT Hijacker kompass toolbar runtime detection - search traffic (spyware-put.rules)
13561 <-> SPYWARE-PUT Adware malware alarm runtime detection - presale request (spyware-put.rules)
13562 <-> SPYWARE-PUT Adware malware alarm runtime detection - update request (spyware-put.rules)
13563 <-> SPYWARE-PUT Adware system doctor runtime detection - presale request (spyware-put.rules)
13564 <-> SPYWARE-PUT Adware system doctor runtime detection - update status (spyware-put.rules)
13565 <-> SPYWARE-PUT Trickler iecodec runtime etection - initial traffic (spyware-put.rules)
13566 <-> SPYWARE-PUT Trickler iecodec runtime etection - message dialog (spyware-put.rules)
13567 <-> SPYWARE-PUT Keylogger msn spy monitor runtime detection (spyware-put.rules)
13568 <-> SPYWARE-PUT Keylogger sys keylog 1.3 advanced runtime detection (spyware-put.rules)

Updated rules:
11669 <-> SPECIFIC-THREATS Eudora 250 command response buffer overflow attempt (specific-threats.rules)
12182 <-> POLICY Adobe FLV file transfer (policy.rules)
12183 <-> EXPLOIT Adobe FLV long string script data buffer overflow (exploit.rules)