Sourcefire VRT Rules Update

Date: 2010-01-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
16379 <-> WEB-ACTIVEX SAP AG SAPgui sapirrfc ActiveX clsid access (web-activex.rules, High)
16380 <-> WEB-ACTIVEX SAP AG SAPgui sapirrfc ActiveX clsid unicode access (web-activex.rules, High)
16381 <-> NETBIOS SMB session negotiation request (netbios.rules, Low)
16382 <-> WEB-CLIENT HTML+TIME animatemotion property memory corruption attempt (web-client.rules, High)
16383 <-> ORACLE MDSYS drop table trigger injection attempt (oracle.rules, High)
16384 <-> DOS VMware Server ISAPI Extension remote denial of service attempt (dos.rules, Medium)
16385 <-> MYSQL yaSSL library cert parsing stack overflow attempt (mysql.rules, High)

Updated rules:
2056 <-> WEB-MISC TRACE attempt (web-misc.rules, High)
10115 <-> WEB-CLIENT Microsoft WMF denial of service attempt (web-client.rules, High)
11687 <-> WEB-MISC Apache SSI error page cross-site scripting (web-misc.rules, High)
13512 <-> SQL generic sql exec injection attempt - GET parameter (sql.rules, High)
13513 <-> SQL generic sql insert injection atttempt - GET parameter (sql.rules, High)
13514 <-> SQL generic sql update injection attempt - GET parameter (sql.rules, High)
13865 <-> WEB-CLIENT Adobe BMP image handler buffer overflow attempt (web-client.rules, High)
13901 <-> NETBIOS SMB server response heap overflow attempt (netbios.rules, High)
13990 <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules, Medium)
16214 <-> DOS Squid Proxy invalid HTTP response code denial of service attempt (dos.rules, Medium)
16288 <-> SPECIFIC-THREATS Sun Java Runtime AWT setDiffICM stack buffer overflow attempt (specific-threats.rules, High)
16291 <-> WEB-CLIENT Mozilla Network Security Services regexp heap overflow attempt (web-client.rules, High)