Sourcefire VRT Rules Update

Date: 2009-10-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
16189 <-> ORACLE Oracle Database REPCAT_RPC.VALIDATE_REMOTE_RC SQL injection attempt (oracle.rules, High)
16190 <-> ORACLE Oracle Secure Backup Administration server property_box.php command injection attempt (oracle.rules, High)
16191 <-> ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (oracle.rules, High)
16192 <-> ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via POST (oracle.rules, High)
16193 <-> SMTP Novell GroupWise Internet Agent SMTP AUTH LOGIN command buffer overflow attempt (smtp.rules, High)
16194 <-> WEB-MISC Novell eDirectory HTTP request content-length heap buffer overflow attempt (web-misc.rules, High)
16195 <-> WEB-MISC Novell eDirectory HTTP request content-length heap buffer overflow attempt (web-misc.rules, High)
16196 <-> SPECIFIC-THREATS Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (specific-threats.rules, Low)
16197 <-> SPECIFIC-THREATS OpenLDAP ber_get_next BER decoding denial of service attempt (specific-threats.rules, Medium)
16198 <-> SPECIFIC-THREATS Apache mod_auth_pgsql module logging facility format string exploit attempt (specific-threats.rules, High)
16199 <-> SPECIFIC-THREATS SpamAssassin long message header denial of service attempt (specific-threats.rules, Medium)
16200 <-> SPECIFIC-THREATS Firefox command line URL shell command injection attempt (specific-threats.rules, High)
16201 <-> SPECIFIC-THREATS Ipswitch Collaboration Suite SMTP format string exploit attempt (specific-threats.rules, High)
16202 <-> WEB-MISC Microsoft Active Directory LDAP query DoS attempt (web-misc.rules, Medium)
16203 <-> DELETED Squid Proxy invalid HTTP response code denial of service attempt (deleted.rules, Medium)
16204 <-> WEB-CLIENT HP OpenView Network Node Manager ovlaunch host field overflow attempt (web-client.rules, High)
16205 <-> WEB-MISC bitmap file download request (web-misc.rules, Low)
16206 <-> SPECIFIC-THREATS Microsoft Windows DNS server spoofing attempt (specific-threats.rules, Medium)
16207 <-> WEB-MISC MIT Kerberos V% KAdminD klog_vsyslog server overflow attempt (web-misc.rules, High)
16208 <-> WEB-CLIENT Microsoft SQL Server Distributed Management Objects overflow attempt (web-client.rules, High)
16209 <-> DOS FreeRADIUS RADIUS server rad_decode remote denial of service attempt (dos.rules, Medium)
16210 <-> DOS Digium Asterisk SIP sscanf denial of service attempt (dos.rules, Medium)
16211 <-> DOS Digium Asterisk SIP sscanf denial of service attempt (dos.rules, Medium)
16212 <-> DOS Digium Asterisk SIP sscanf denial of service attempt (dos.rules, Medium)
16213 <-> EXPLOIT Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (exploit.rules, High)
16214 <-> DOS Squid Proxy invalid HTTP response code denial of service attempt (dos.rules, Medium)
16215 <-> ORACLE Oracle Application Server Portal cross site scripting attempt (oracle.rules, High)
16216 <-> SPECIFIC-THREATS IBM Tivoli Provisioning Manager for OS deployment HTTP server buffer attempt (specific-threats.rules, High)
16217 <-> SPECIFIC-THREATS HP OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow (specific-threats.rules, High)

Updated rules:
 625 <-> DELETED SCAN XMAS (deleted.rules, Medium)
1228 <-> DELETED SCAN nmap XMAS (deleted.rules, Medium)
15987 <-> WEB-MISC Microsoft Visio DXF file download request (web-misc.rules, Low)