Sourcefire VRT Rules Update
Date: 2009-09-15
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group, priority)
New rules:
15931 <-> MISC Veritas NetBackup java user interface service format string attack attempt (misc.rules, High)
15932 <-> FTP LIST globbing denial of service attack (ftp.rules, Medium)
15933 <-> WEB-CLIENT Internet Explorer URL canonicalization address bar spoofing attempt (web-client.rules, Low)
15934 <-> DNS dns response for rfc1918 172.16/12 address detected (dns.rules, High)
15935 <-> DNS dns response for rfc1918 192.168/16 address detected (dns.rules, High)
15936 <-> SPECIFIC-THREATS Sendmail identd command parsing vulnerability (specific-threats.rules, High)
15937 <-> SPECIFIC-THREATS protos h323 buffer overflow (specific-threats.rules, High)
15938 <-> SPECIFIC-THREATS Backdoor SubSeven client connection to server (specific-threats.rules, High)
15939 <-> SPECIFIC-THREATS MSN Messenger IRC bot calling home attempt (specific-threats.rules, High)
15940 <-> SPECIFIC-THREATS RealNetworks RealPlayer Multiple Products RA file processing overflow attempt (specific-threats.rules, High)
15941 <-> DOS Squid Proxy TRACE request remote DoS attempt (dos.rules, High)

Updated rules:
1893 <-> SNMP missing community string attempt (snmp.rules, Medium)
3192 <-> WEB-CLIENT Windows Media Player directory traversal via Content-Disposition attempt (web-client.rules, High)
13249 <-> DNS dns response for rfc1918 10/8 address detected (dns.rules, High)
13553 <-> EXPLOIT Sybase SQL Anywhere Mobilink username string buffer overflow (exploit.rules, High)
13554 <-> EXPLOIT Sybase SQL Anywhere Mobilink version string buffer overflow (exploit.rules, High)
13555 <-> EXPLOIT Sybase SQL Anywhere Mobilink remoteID string buffer overflow (exploit.rules, High)
15930 <-> NETBIOS Microsoft Windows SMB malformed process ID high field denial-of-service attempt (netbios.rules, Medium)
