Sourcefire VRT Rules Update

Date: 2009-06-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid - Message (rule group, priority)

New rules:
15574 <-> SMTP Exim MAIL FROM overflow attempt (smtp.rules, High)

Updated rules:
2437 <-> DELETED WEB-CLIENT RealPlayer arbitrary javascript command attempt (deleted.rules, High)
3473 <-> WEB-CLIENT RealPlayer SMIL file overflow attempt (web-client.rules, High)
7691 <-> BACKDOOR evade runtime detection - file manager (backdoor.rules, High)
11204 <-> ORACLE Oracle Database DBMS_AQADM_SYS package GRANT_TYPE_ACCESS procedure SQL injection attempt (oracle.rules, High)
12757 <-> WEB-CLIENT Apple Quicktime uncompressed PICT stack overflow attempt (web-client.rules, High)
13161 <-> EXPLOIT HP OpenView CGI parameter buffer overflow attempt (exploit.rules, High)
13801 <-> WEB-CLIENT RTF file download request (web-client.rules, Low)