Sourcefire VRT Rules Update

Date: 2009-01-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group, priority)

Updated rules:
14265 <-> EXPLOIT CitectSCADA ODBC buffer overflow attempt (exploit.rules, High)
15147 <-> SPECIFIC-THREATS Microsoft IE malformed iframe buffer overflow attempt (specific-threats.rules, High)
15165 <-> BACKDOOR Pushdo client communication attempt (backdoor.rules, High)

New rules:
15159 <-> WEB-ACTIVEX Evans FTP ActiveX clsid access (web-activex.rules, High)
15160 <-> WEB-ACTIVEX Evans FTP ActiveX clsid unicode access (web-activex.rules, High)
15161 <-> WEB-ACTIVEX Evans FTP ActiveX function call access (web-activex.rules, High)
15162 <-> WEB-ACTIVEX Evans FTP ActiveX function call unicode access (web-activex.rules, High)
15167 <-> POLICY Suspicious .cn dns query (policy.rules, High)
15168 <-> POLICY Suspicious .ru dns query (policy.rules, High)
15169 <-> POLICY XBOX Live Kerberos Authenthication Request (policy.rules, High)
15170 <-> POLICY XBOX Netflix client active (policy.rules, High)
15171 <-> POLICY XBOX Marketplace http request (policy.rules, High)
15172 <-> POLICY XBOX avatar retrieval request (policy.rules, High)
15173 <-> WEB-ACTIVEX Phoenician Casino ActiveX clsid access (web-activex.rules, High)
15174 <-> WEB-ACTIVEX Phoenician Casino ActiveX clsid unicode access (web-activex.rules, High)
15175 <-> WEB-ACTIVEX Phoenician Casino ActiveX function call access (web-activex.rules, High)
15176 <-> WEB-ACTIVEX Phoenician Casino ActiveX function call unicode access (web-activex.rules, High)
15177 <-> WEB-ACTIVEX Trend Micro HouseCall ActiveX clsid access (web-activex.rules, High)
15178 <-> WEB-ACTIVEX Trend Micro HouseCall ActiveX clsid unicode access (web-activex.rules, High)
15179 <-> WEB-ACTIVEX Trend Micro HouseCall ActiveX function call access (web-activex.rules, High)
15180 <-> WEB-ACTIVEX Trend Micro HouseCall ActiveX function call unicode access (web-activex.rules, High)
15181 <-> WEB-ACTIVEX SaschArt SasCam Webcam Server ActiveX clsid access (web-activex.rules, High)
15182 <-> WEB-ACTIVEX SaschArt SasCam Webcam Server ActiveX clsid unicode access (web-activex.rules, High)
15183 <-> CHAT Yahoo messenger http link transmission attempt (chat.rules, High)
15184 <-> CHAT MSN messenger http link transmission attempt (chat.rules, High)
15185 <-> POLICY Nintendo Wii SSL Server Hello (policy.rules, High)
15186 <-> MISC Multiple vendors CUPS HPGL filter remote code execution attempt (misc.rules, High)
15187 <-> MISC Multiple vendors CUPS HPGL filter remote code execution attempt (misc.rules, High)
15188 <-> MISC Multiple vendors CUPS HPGL filter remote code execution attempt (misc.rules, High)
15189 <-> MISC Multiple vendors CUPS HPGL filter remote code execution attempt (misc.rules, High)
15190 <-> WEB-MISC Youngzsoft CCProxy CONNECT Request buffer overflow attempt (web-misc.rules, High)
15191 <-> SPECIFIC-THREATS Mozilla Firefox animated PNG processing integer overflow (specific-threats.rules, High)