Sourcefire VRT Rules Update

Date: 2009-03-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
15354 <-> DELETED SMTP Adobe PDF JBIG2 remote code execution attempt (deleted.rules, High)
15355 <-> DELETED WEB-CLIENT Adobe PDF JBIG2 remote code execution attempt (deleted.rules, High)
15423 <-> SPECIFIC-THREATS Clampi virus communication detected (specific-threats.rules, High)
15424 <-> WEB-PHP phpBB mod shoutbox sql injection attempt (web-php.rules, High)
15425 <-> WEB-PHP phpBB mod tag board sql injection attempt (web-php.rules, High)
15426 <-> WEB-CLIENT MAKI file request (web-client.rules, Low)
15427 <-> WEB-MISC SVG file request (web-misc.rules, Low)
15428 <-> WEB-CLIENT Mozilla Firefox SVG data processing memory corruption attempt (web-client.rules, High)
15429 <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules, High)
15430 <-> WEB-CLIENT Microsoft EMF+ GpFont.SetData buffer overflow attempt (web-client.rules, High)
15431 <-> SPECIFIC-THREATS Firefox 3 xsl parsing heap overflow attempt (specific-threats.rules, High)
15432 <-> WEB-PHP wordpress cat parameter arbitrary file execution attempt (web-php.rules, High)

Updated rules:
654 <-> SMTP RCPT TO overflow (smtp.rules, High)
2270 <-> SMTP RCPT TO sendmail prescan too long addresses overflow (smtp.rules, High)
12359 <-> VOIP-SIP Asterisk data length field overflow (voip.rules, High)
15356 <-> DELETED SMTP Adobe PDF JBIG2 remote code execution attempt (deleted.rules, High)