Sourcefire VRT Rules Update

Date: 2008-12-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid - Message (rule group)

New rules:
15127 <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (netbios.rules, High)
15128 <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (netbios.rules, High)
15129 <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (netbios.rules, High)
15130 <-> NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (netbios.rules, High)
15131 <-> NETBIOS SMB sp_replwritetovarbin vulnerable function andx attempt (netbios.rules, High)
15132 <-> NETBIOS SMB sp_replwritetovarbin vulnerable function attempt (netbios.rules, High)
15133 <-> NETBIOS SMB sp_replwritetovarbin vulnerable function unicode andx attempt (netbios.rules, High)
15134 <-> NETBIOS SMB sp_replwritetovarbin vulnerable function unicode attempt (netbios.rules, High)
15135 <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (netbios.rules, High)
15136 <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (netbios.rules, High)
15137 <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (netbios.rules, High)
15138 <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (netbios.rules, High)
15139 <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function andx attempt (netbios.rules, High)
15140 <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function attempt (netbios.rules, High)
15141 <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function unicode andx attempt (netbios.rules, High)
15142 <-> NETBIOS-DG SMB sp_replwritetovarbin vulnerable function unicode attempt (netbios.rules, High)
15143 <-> SQL sp_replwritetovarbin unicode vulnerable function attempt (sql.rules, High)
15144 <-> SQL sp_replwritetovarbin vulnerable function attempt (sql.rules, High)