Sourcefire VRT Rules Update
Date: 2008-06-05
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group)
New rules:
13838 <-> WEB-CLIENT Mozilla Firefox IFRAME style change handling code execution (web-client.rules)
13839 <-> MISC CA ARCServ NetBackup remote file upload attempt (misc.rules)
13840 <-> EXPLOIT Borland Interbase service attach operation buffer overflow (exploit.rules)
13841 <-> EXPLOIT Borland Interbase create operation buffer overflow (exploit.rules)
13842 <-> EXPLOIT Borland Interbase operation buffer overflow (exploit.rules)
13843 <-> EXPLOIT MaxDB WebDBM get buffer overflow (exploit.rules)

Updated rules:
9806 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc GetGroupStatus little endian overflow attempt (netbios.rules)
9807 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGroupStatus little endian overflow attempt (netbios.rules)
9808 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
9809 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
9810 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGroupStatus little endian object call overflow attempt (netbios.rules)
9811 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGroupStatus object call overflow attempt (netbios.rules)
10018 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc ReserveGroup attempt (netbios.rules)
10019 <-> NETBIOS DCERPC DIRECT brightstor-arc ReserveGroup attempt (netbios.rules)
10020 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc ReserveGroup little endian attempt (netbios.rules)
10021 <-> NETBIOS DCERPC DIRECT brightstor-arc ReserveGroup little endian attempt (netbios.rules)
10022 <-> NETBIOS DCERPC DIRECT brightstor-arc ReserveGroup object call attempt (netbios.rules)
10023 <-> NETBIOS DCERPC DIRECT brightstor-arc ReserveGroup little endian object call attempt (netbios.rules)
10024 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc ClientDBMiniAgentClose little endian attempt (netbios.rules)
10025 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc ClientDBMiniAgentClose attempt (netbios.rules)
10026 <-> NETBIOS DCERPC DIRECT brightstor-arc ClientDBMiniAgentClose attempt (netbios.rules)
10027 <-> NETBIOS DCERPC DIRECT brightstor-arc ClientDBMiniAgentClose little endian attempt (netbios.rules)
10028 <-> NETBIOS DCERPC DIRECT brightstor-arc ClientDBMiniAgentClose object call attempt (netbios.rules)
10029 <-> NETBIOS DCERPC DIRECT brightstor-arc ClientDBMiniAgentClose little endian object call attempt (netbios.rules)
10117 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGCBHandleFromGroupName little endian object call overflow attempt (netbios.rules)
10118 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGCBHandleFromGroupName little endian overflow attempt (netbios.rules)
10119 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGCBHandleFromGroupName object call overflow attempt (netbios.rules)
10120 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGCBHandleFromGroupName overflow attempt (netbios.rules)
10121 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc GetGCBHandleFromGroupName little endian overflow attempt (netbios.rules)
10122 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc GetGCBHandleFromGroupName overflow attempt (netbios.rules)
10486 <-> NETBIOS DCERPC DIRECT brightstor-arc function 15 little endian attempt (netbios.rules)
10487 <-> NETBIOS DCERPC DIRECT brightstor-arc function 15 attempt (netbios.rules)
10488 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc function 15 little endian attempt (netbios.rules)
10489 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc function 15 attempt (netbios.rules)
10490 <-> NETBIOS DCERPC DIRECT brightstor-arc function 15 little endian object call attempt (netbios.rules)
10491 <-> NETBIOS DCERPC DIRECT brightstor-arc function 15 object call attempt (netbios.rules)
10492 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc function 16 attempt (netbios.rules)
10493 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc function 16 little endian attempt (netbios.rules)
10494 <-> NETBIOS DCERPC DIRECT brightstor-arc function 16 little endian attempt (netbios.rules)
10495 <-> NETBIOS DCERPC DIRECT brightstor-arc function 16 attempt (netbios.rules)
10496 <-> NETBIOS DCERPC DIRECT brightstor-arc function 16 little endian object call attempt (netbios.rules)
10497 <-> NETBIOS DCERPC DIRECT brightstor-arc function 16 object call attempt (netbios.rules)
10498 <-> NETBIOS DCERPC DIRECT brightstor-arc function 17 attempt (netbios.rules)
10499 <-> NETBIOS DCERPC DIRECT brightstor-arc function 17 little endian attempt (netbios.rules)
10500 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc function 17 little endian attempt (netbios.rules)
10501 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc function 17 attempt (netbios.rules)
10502 <-> NETBIOS DCERPC DIRECT brightstor-arc function 17 object call attempt (netbios.rules)
10503 <-> NETBIOS DCERPC DIRECT brightstor-arc function 17 little endian object call attempt (netbios.rules)
11196 <-> EXPLOIT MaxDB WebDBM get buffer overflow (exploit.rules)
