Sourcefire VRT Rules Update

Date: 2010-01-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid - Message (rule group, priority)

New rules:
16390 <-> POLICY Adobe PDF alternate file magic obfuscation (policy.rules, Low)
16391 <-> SPECIFIC-THREATS Gozi Trojan connection to C&C attempt (specific-threats.rules, High)
16392 <-> WEB-MISC Sun Java System Web Server 7.0u7 authorization digest heap overflow (web-misc.rules, High)
16393 <-> EXPLOIT Postgresql bit substring buffer overflow (exploit.rules, High)

Updated rules:
1451 <-> WEB-CGI NPH-maillist access (web-cgi.rules, Medium)
1565 <-> WEB-CGI arbitrary command execution attempt (web-cgi.rules, High)
12187 <-> RPC portmap 2112 tcp rename_principal attempt (rpc.rules, Medium)
12188 <-> RPC portmap 2112 udp rename_principal attempt (rpc.rules, Medium)