Sourcefire VRT Rules Update
Date: 2009-04-14
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group, priority)
New rules:
15471 <-> WEB-CLIENT asp file upload (web-client.rules, Low)
15472 <-> WEB-CLIENT Nullsoft Winamp pls file player name handling buffer overflow attempt (web-client.rules, High)
15473 <-> WEB-CLIENT Nullsoft Winamp m3u file player name handling buffer overflow attempt (web-client.rules, High)

Updated rules:
529 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrShareEnum null policy handle attempt (netbios.rules, Low)
1321 <-> BAD-TRAFFIC 0 ttl (bad-traffic.rules, Low)
2177 <-> NETBIOS SMB startup folder unicode access (netbios.rules, Medium)
3145 <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 response overflow attempt (netbios.rules, Low)
5802 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 2 (spyware-put.rules, Medium)
5902 <-> SPYWARE-PUT Adware download accelerator plus runtime detection - startup (spyware-put.rules, Low)
8428 <-> WEB-MISC SSLv2 openssl get shared ciphers overflow attempt (web-misc.rules, High)
8436 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules, High)
9419 <-> SPECIFIC-THREATS sasser attempt (specific-threats.rules, High)
9420 <-> SPECIFIC-THREATS korgo attempt (specific-threats.rules, High)
9421 <-> SPECIFIC-THREATS zotob attempt (specific-threats.rules, High)
9422 <-> SPECIFIC-THREATS msblast attempt (specific-threats.rules, High)
9423 <-> SPECIFIC-THREATS lovegate attempt (specific-threats.rules, High)
12070 <-> EXPLOIT Microsoft Excel malformed version field (exploit.rules, High)
12422 <-> EXPLOIT RealNetworks Helix RTSP long describe request exploit attempt (exploit.rules, High)
12741 <-> EXPLOIT Apple Quicktime TCP RTSP sdp type buffer overflow attempt (exploit.rules, High)
13819 <-> WEB-MISC IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (web-misc.rules, High)
15430 <-> WEB-CLIENT Microsoft EMF+ GpFont.SetData buffer overflow attempt (web-client.rules, High)
15446 <-> WEB-MISC Novell eDirectory management console Accept-Language buffer overflow attempt (web-misc.rules, High)
15447 <-> WEB-CLIENT Firefox XML parser memory corruption attempt (web-client.rules, Medium)
15448 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrShareEnum null policy handle attempt (netbios.rules, Low)
15463 <-> WEB-CLIENT Microsoft Excel file request (web-client.rules, Low)
15464 <-> WEB-CLIENT Microsoft Excel file request (web-client.rules, Low)
