Sourcefire VRT Rules Update

Date: 2008-12-23

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
15159 <-> WEB-ACTIVEX Evans FTP ActiveX clsid access (web-activex.rules, High)
15160 <-> WEB-ACTIVEX Evans FTP ActiveX clsid unicode access (web-activex.rules, High)
15161 <-> WEB-ACTIVEX Evans FTP ActiveX function call access (web-activex.rules, High)
15162 <-> WEB-ACTIVEX Evans FTP ActiveX function call unicode access (web-activex.rules, High)
15163 <-> SPECIFIC-THREATS Microsoft Visio Object Header Buffer Overflow attempt (specific-threats.rules, High)
15164 <-> SPECIFIC-THREATS Mozilla Products SVG Layout Engine Index Parameter memory corruption attempt (specific-threats.rules, High)
15165 <-> BACKDOOR Pushdo client communication attempt (backdoor.rules, High)
15166 <-> WEB-CLIENT VideoLAN VLC Media Player RealText buffer overflow attempt (web-client.rules, High)

Updated rules:
2422 <-> MULTIMEDIA realplayer .rt playlist download attempt (multimedia.rules, Low)
12307 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _SetPagerNotifyConfig little endian attempt (netbios.rules, Low)
12308 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules, Low)
12309 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules, Low)
12310 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig little endian attempt (netbios.rules, Low)
12311 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig object call attempt (netbios.rules, Low)
12312 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig little endian object call attempt (netbios.rules, Low)
12313 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent little endian alter context attempt (netbios.rules, Low)
12314 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent alter context attempt (netbios.rules, Low)
12315 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent little endian bind attempt (netbios.rules, Low)
12316 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent bind attempt (netbios.rules, Low)
12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules, Low)
12318 <-> NETBIOS DCERPC NCACN-IP-TCP v4 trend-serverprotect-earthagent RPCFN_CopyAUSrc little endian attempt (netbios.rules, Low)
12319 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc little endian attempt (netbios.rules, Low)
12320 <-> NETBIOS DCERPC NCACN-IP-TCP v4 trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules, Low)
12321 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc object call attempt (netbios.rules, Low)
12322 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc little endian object call attempt (netbios.rules, Low)
12323 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules, Low)
12324 <-> NETBIOS DCERPC DIRECT trend-serverprotect _AddTaskExportLogItem little endian attempt (netbios.rules, Low)
12325 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _AddTaskExportLogItem little endian attempt (netbios.rules, Low)
12326 <-> NETBIOS DCERPC DIRECT trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules, Low)
12327 <-> NETBIOS DCERPC DIRECT trend-serverprotect _AddTaskExportLogItem little endian object call attempt (netbios.rules, Low)
12328 <-> NETBIOS DCERPC DIRECT trend-serverprotect _AddTaskExportLogItem object call attempt (netbios.rules, Low)
12329 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _TakeActionOnAFile attempt (netbios.rules, Low)
12330 <-> NETBIOS DCERPC DIRECT trend-serverprotect _TakeActionOnAFile little endian attempt (netbios.rules, Low)
12331 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _TakeActionOnAFile little endian attempt (netbios.rules, Low)
12332 <-> NETBIOS DCERPC DIRECT trend-serverprotect _TakeActionOnAFile attempt (netbios.rules, Low)
12333 <-> NETBIOS DCERPC DIRECT trend-serverprotect _TakeActionOnAFile little endian object call attempt (netbios.rules, Low)
12334 <-> NETBIOS DCERPC DIRECT trend-serverprotect _TakeActionOnAFile object call attempt (netbios.rules, Low)
12335 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules, High)
12336 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules, High)
12337 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_30010 little endian overflow attempt (netbios.rules, High)
12338 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect Trent_req_num_30010 little endian overflow attempt (netbios.rules, High)
12339 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_30010 object call overflow attempt (netbios.rules, High)
12340 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_30010 little endian object call overflow attempt (netbios.rules, High)
12341 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 little endian attempt (netbios.rules, Low)
12342 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules, Low)
12343 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules, Low)
12344 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect Trent_req_num_a0030 little endian attempt (netbios.rules, Low)
12345 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 little endian object call attempt (netbios.rules, Low)
12346 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 object call attempt (netbios.rules, Low)
12347 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _SetSvcImpersonateUser little endian attempt (netbios.rules, Low)
12348 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser little endian attempt (netbios.rules, Low)
12349 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules, Low)
12350 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules, Low)
12351 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser little endian object call attempt (netbios.rules, Low)
12352 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser object call attempt (netbios.rules, Low)
13364 <-> SMTP Novell GroupWise client IMG SRC buffer overflow (smtp.rules, High)
15126 <-> WEB-CLIENT Internet Explorer nested span tag memory corruption attempt (web-client.rules, High)