Sourcefire VRT Rules Update
Date: 2008-10-28
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group)
New rules:
14773 <-> SPECIFIC-THREATS CA ARCserve LGServer handshake buffer overflow attempt (specific-threats.rules)
14774 <-> EXPLOIT HP OpenView Network Node Manger connectedNodes command injection attempt (exploit.rules)
14775 <-> EXPLOIT HP OpenView Network Node Manger cdpnode command injection attempt (exploit.rules)
14776 <-> EXPLOIT HP OpenView Network Node Manager freeIPaddrs command injection attempt (exploit.rules)
14777 <-> DNS single byte encoded name response (dns.rules)
14778 <-> WEB-CLIENT Dart Communications PowerTCP FTP ActiveX clsid access (web-client.rules)
14779 <-> WEB-CLIENT Dart Communications PowerTCP FTP ActiveX clsid unicode access (web-client.rules)
14780 <-> WEB-CLIENT Dart Communications PowerTCP FTP ActiveX function call access (web-client.rules)
14781 <-> WEB-CLIENT Dart Communications PowerTCP FTP ActiveX function call unicode access (web-client.rules)
14899 <-> NETBIOS SMB netdfs unicode little endian bind attempt (netbios.rules)
14900 <-> NETBIOS SMB netdfs NetrDfsEnum unicode little endian attempt (netbios.rules)

Updated rules:
2381 <-> WEB-MISC Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (web-misc.rules)
13916 <-> EXPLOIT Alt-N SecurityGateway username buffer overflow attempt (exploit.rules)
