Sourcefire VRT Rules Update
Date: 2009-10-20
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group, priority)
New rules:
16189 <-> ORACLE Oracle Database REPCAT_RPC.VALIDATE_REMOTE_RC SQL injection attempt (oracle.rules, High)
16190 <-> ORACLE Oracle Secure Backup Administration server property_box.php command injection attempt (oracle.rules, High)
16191 <-> ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (oracle.rules, High)
16192 <-> ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via POST (oracle.rules, High)
16193 <-> SMTP Novell GroupWise Internet Agent SMTP AUTH LOGIN command buffer overflow attempt (smtp.rules, High)
16194 <-> WEB-MISC Novell eDirectory HTTP request content-length heap buffer overflow attempt (web-misc.rules, High)
16195 <-> WEB-MISC Novell eDirectory HTTP request content-length heap buffer overflow attempt (web-misc.rules, High)
16196 <-> SPECIFIC-THREATS Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (specific-threats.rules, Low)
16197 <-> SPECIFIC-THREATS OpenLDAP ber_get_next BER decoding denial of service attempt (specific-threats.rules, Medium)
16198 <-> SPECIFIC-THREATS Apache mod_auth_pgsql module logging facility format string exploit attempt (specific-threats.rules, High)
16199 <-> SPECIFIC-THREATS SpamAssassin long message header denial of service attempt (specific-threats.rules, Medium)
16200 <-> SPECIFIC-THREATS Firefox command line URL shell command injection attempt (specific-threats.rules, High)
16201 <-> SPECIFIC-THREATS Ipswitch Collaboration Suite SMTP format string exploit attempt (specific-threats.rules, High)
16202 <-> WEB-MISC Microsoft Active Directory LDAP query DoS attempt (web-misc.rules, Medium)
16203 <-> DELETED Squid Proxy invalid HTTP response code denial of service attempt (deleted.rules, Medium)
16204 <-> WEB-CLIENT HP OpenView Network Node Manager ovlaunch host field overflow attempt (web-client.rules, High)
16205 <-> WEB-MISC bitmap file download request (web-misc.rules, Low)
16206 <-> SPECIFIC-THREATS Microsoft Windows DNS server spoofing attempt (specific-threats.rules, Medium)
16207 <-> WEB-MISC MIT Kerberos V5 KAdminD klog_vsyslog server overflow attempt (web-misc.rules, High)
16208 <-> WEB-CLIENT Microsoft SQL Server Distributed Management Objects overflow attempt (web-client.rules, High)
16209 <-> DOS FreeRADIUS RADIUS server rad_decode remote denial of service attempt (dos.rules, Medium)
16210 <-> DOS Digium Asterisk SIP sscanf denial of service attempt (dos.rules, Medium)
16211 <-> DOS Digium Asterisk SIP sscanf denial of service attempt (dos.rules, Medium)
16212 <-> DOS Digium Asterisk SIP sscanf denial of service attempt (dos.rules, Medium)
16213 <-> EXPLOIT Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (exploit.rules, High)
16214 <-> DOS Squid Proxy invalid HTTP response code denial of service attempt (dos.rules, Medium)
16215 <-> ORACLE Oracle Application Server Portal cross site scripting attempt (oracle.rules, High)
16216 <-> SPECIFIC-THREATS IBM Tivoli Provisioning Manager for OS deployment HTTP server buffer attempt (specific-threats.rules, High)
16217 <-> SPECIFIC-THREATS HP OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow (specific-threats.rules, High)

Updated rules:
625 <-> DELETED SCAN XMAS (deleted.rules, Medium)
1228 <-> DELETED SCAN nmap XMAS (deleted.rules, Medium)
15987 <-> WEB-MISC Microsoft Visio DXF file download request (web-misc.rules, Low)
