Sourcefire VRT Rules Update
Date: 2009-10-22
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group, priority)
New rules:
16218 <-> WEB-MISC Content-Length request offset smuggling attempt (web-misc.rules, Medium)

Updated rules:
2394 <-> WEB-MISC Compaq web-based management agent denial of service attempt (web-misc.rules, High)
5900 <-> SPYWARE-PUT Trackware adtools-communicator runtime detection - collect information (spyware-put.rules, Medium)
12747 <-> WEB-ACTIVEX BitDefender Online Scanner ActiveX clsid access (web-activex.rules, High)
12748 <-> WEB-ACTIVEX BitDefender Online Scanner ActiveX clsid unicode access (web-activex.rules, High)
12749 <-> WEB-ACTIVEX BitDefender Online Scanner ActiveX function call access (web-activex.rules, High)
12750 <-> WEB-ACTIVEX BitDefender Online Scanner ActiveX function call unicode access (web-activex.rules, High)
13584 <-> WEB-CLIENT csv file download request (web-client.rules, Low)
14039 <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules, High)
14040 <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules, High)
14041 <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules, High)
15727 <-> POLICY Attempted download of a PDF with embedded Flash (policy.rules, High)
15728 <-> EXPLOIT Possible Adobe PDF ActionScript byte_array heap spray attempt (exploit.rules, High)
15729 <-> EXPLOIT Possible Adobe Flash ActionScript byte_array heap spray attempt (exploit.rules, High)
