Sourcefire VRT Rules Update

Date: 2009-04-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid - Message (rule group, priority)

New rules:
15471 <-> WEB-CLIENT asp file upload (web-client.rules, Low)
15472 <-> WEB-CLIENT Nullsoft Winamp pls file player name handling buffer overflow attempt (web-client.rules, High)
15473 <-> WEB-CLIENT Nullsoft Winamp m3u file player name handling buffer overflow attempt (web-client.rules, High)

Updated rules:
529 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrShareEnum null policy handle attempt (netbios.rules, Low)
1321 <-> BAD-TRAFFIC 0 ttl (bad-traffic.rules, Low)
2177 <-> NETBIOS SMB startup folder unicode access (netbios.rules, Medium)
3145 <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 response overflow attempt (netbios.rules, Low)
5802 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 2 (spyware-put.rules, Medium)
5902 <-> SPYWARE-PUT Adware download accelerator plus runtime detection - startup (spyware-put.rules, Low)
8428 <-> WEB-MISC SSLv2 openssl get shared ciphers overflow attempt (web-misc.rules, High)
8436 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules, High)
9419 <-> SPECIFIC-THREATS sasser attempt (specific-threats.rules, High)
9420 <-> SPECIFIC-THREATS korgo attempt (specific-threats.rules, High)
9421 <-> SPECIFIC-THREATS zotob attempt (specific-threats.rules, High)
9422 <-> SPECIFIC-THREATS msblast attempt (specific-threats.rules, High)
9423 <-> SPECIFIC-THREATS lovegate attempt (specific-threats.rules, High)
12070 <-> EXPLOIT Microsoft Excel malformed version field (exploit.rules, High)
12422 <-> EXPLOIT RealNetworks Helix RTSP long describe request exploit attempt (exploit.rules, High)
12741 <-> EXPLOIT Apple Quicktime TCP RTSP sdp type buffer overflow attempt (exploit.rules, High)
13819 <-> WEB-MISC IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (web-misc.rules, High)
15430 <-> WEB-CLIENT Microsoft EMF+ GpFont.SetData buffer overflow attempt (web-client.rules, High)
15446 <-> WEB-MISC Novell eDirectory management console Accept-Language buffer overflow attempt (web-misc.rules, High)
15447 <-> WEB-CLIENT Firefox XML parser memory corruption attempt (web-client.rules, Medium)
15448 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrShareEnum null policy handle attempt (netbios.rules, Low)
15463 <-> WEB-CLIENT Microsoft Excel file request (web-client.rules, Low)
15464 <-> WEB-CLIENT Microsoft Excel file request (web-client.rules, Low)