Sourcefire VRT Rules Update

Date: 2009-02-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
15363 <-> WEB-CLIENT Potential obfuscated javascript eval unescape attack attempt (web-client.rules, Low)
15364 <-> EXPLOIT Ganglia Meta Daemon process_path stack buffer overflow attempt (exploit.rules, High)

Updated rules:
2183 <-> SMTP Content-Transfer-Encoding overflow attempt (smtp.rules, High)
2338 <-> FTP LIST buffer overflow attempt (ftp.rules, Medium)
3461 <-> SMTP Content-Type overflow attempt (smtp.rules, High)
3462 <-> SMTP Content-Encoding overflow attempt (smtp.rules, High)
4060 <-> POLICY RDP attempted administrator connection request (policy.rules, Low)
10010 <-> EXPLOIT Putty Server key exchange buffer overflow attempt (exploit.rules, High)
10135 <-> DOS Squid proxy FTP denial of service attempt (dos.rules, Medium)
11004 <-> IMAP CRAM-MD5 authentication method buffer overflow (imap.rules, High)
11686 <-> SPECIFIC-THREATS WebDAV search overflow attempt (specific-threats.rules, High)
12465 <-> EXPLOIT Apache APR memory corruption attempt (exploit.rules, High)
13292 <-> EXPLOIT Skype skype4com URI handler memory corruption attempt (exploit.rules, High)
13611 <-> EXPLOIT RealVNC client response (exploit.rules, Low)
13612 <-> EXPLOIT RealVNC server authentication bypass attempt (exploit.rules, Low)
13880 <-> EXPLOIT RealVNC server authentication version array check (exploit.rules, Low)