Sourcefire VRT Rules Update

Date: 2008-12-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
15145 <-> EXPLOIT Apple CUPS TrueColor PNG filter overly large image height integer overflow attempt (exploit.rules, High)
15146 <-> EXPLOIT Apple CUPS RGB+Alpha PNG filter overly large image height integer overflow attempt (exploit.rules, High)
15147 <-> SPECIFIC-THREATS Microsoft IE malformed iframe buffer overflow attempt (specific-threats.rules, High)
15150 <-> CHAT Jive Software Openfire Jabber Server login Authentication bypass attempt (chat.rules, High)
15151 <-> CHAT Jive Software Openfire Jabber Server logout Authentication bypass attempt (chat.rules, High)
15152 <-> CHAT Jive Software Openfire Jabber Server setup-index Authentication bypass attempt (chat.rules, High)
15153 <-> CHAT Jive Software Openfire Jabber Server setup Authentication bypass attempt (chat.rules, High)
15154 <-> CHAT Jive Software Openfire Jabber Server gif Authentication bypass attempt (chat.rules, High)
15155 <-> CHAT Jive Software Openfire Jabber Server png Authentication bypass attempt (chat.rules, High)
15156 <-> CHAT Jive Software Openfire Jabber Server serverdown Authentication bypass attempt (chat.rules, High)
15157 <-> WEB-CLIENT VideoLAN VLC Media Player XSPF memory corruption attempt (web-client.rules, High)
15158 <-> WEB-MISC XML Shareable Playlist Format file download attempt (web-misc.rules, Low)

Updated rules:
2517 <-> IMAP PCT Client_Hello overflow attempt (imap.rules, High)
2518 <-> POP3 PCT Client_Hello overflow attempt (pop3.rules, High)
2528 <-> SMTP PCT Client_Hello overflow attempt (smtp.rules, High)
3511 <-> SMTP PCT Client_Hello overflow attempt (smtp.rules, High)
4677 <-> ORACLE enterprise manager application server control GET parameter overflow attempt (oracle.rules, High)
8426 <-> WEB-MISC SSLv2 openssl get shared ciphers overflow attempt (web-misc.rules, High)
8427 <-> WEB-MISC SSLv3 openssl get shared ciphers overflow attempt (web-misc.rules, High)
8428 <-> WEB-MISC SSLv2 openssl get shared ciphers overflow attempt (web-misc.rules, High)
8429 <-> POP3 SSLv2 openssl get shared ciphers overflow attempt (pop3.rules, High)
8430 <-> POP3 SSLv3 openssl get shared ciphers overflow attempt (pop3.rules, High)
8431 <-> POP3 SSLv2 openssl get shared ciphers overflow attempt (pop3.rules, High)
8432 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules, High)
8433 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules, High)
8434 <-> SMTP SSLv3 openssl get shared ciphers overflow attempt (smtp.rules, High)
8435 <-> SMTP SSLv3 openssl get shared ciphers overflow attempt (smtp.rules, High)
8436 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules, High)
8437 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules, High)
8438 <-> IMAP SSLv2 openssl get shared ciphers overflow attempt (imap.rules, High)
8439 <-> IMAP SSLv3 openssl get shared ciphers overflow attempt (imap.rules, High)
8440 <-> IMAP SSLv2 openssl get shared ciphers overflow attempt (imap.rules, High)