Sourcefire VRT Rules Update
Date: 2009-05-05
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group, priority)
New rules:
15481 <-> SPECIFIC-THREATS Zbot malware config file download request (specific-threats.rules, High)
15482 <-> EXPLOIT Sun Java System sockd authentication buffer overflow attempt (exploit.rules, High)
15483 <-> WEB-MISC Adobe Shockwave Flash file request (web-misc.rules, Low)
15484 <-> IMAP CRAM-MD5 authentication method buffer overflow (imap.rules, High)
15485 <-> SPECIFIC-THREATS IBM Lotus Notes DOC attachment viewer buffer overflow (specific-threats.rules, High)
15486 <-> BACKDOOR Kraken command and control server search attempt (backdoor.rules, High)
15487 <-> MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt (multimedia.rules, High)
15488 <-> SPECIFIC-THREATS Oracle Database Application Express Component APEX password hash disclosure attempt (specific-threats.rules, Medium)
15489 <-> CHAT Cerulean Studios Trillian image filename handling XML tag overflow attempt (chat.rules, High)
15490 <-> BAD-TRAFFIC Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (bad-traffic.rules, High)
15491 <-> EXPLOIT Subversion 1.0.2 dated-rev-report buffer overflow attempt (exploit.rules, High)
15492 <-> SPECIFIC-THREATS Adobe PDF spell.customDictionaryOpen exploit attempt (specific-threats.rules, High)
15493 <-> SPECIFIC-THREATS Adobe PDF getAnnots exploit attempt (specific-threats.rules, High)

Updated rules:
1497 <-> DELETED WEB-MISC cross site scripting attempt (deleted.rules, High)
2421 <-> MULTIMEDIA realplayer .smi playlist download attempt (multimedia.rules, Low)
14601 <-> EXPLOIT Subversion 1.0.2 get-dated-rev buffer overflow attempt (exploit.rules, High)
