Sourcefire VRT Rules Update
Date: 2010-02-09
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.
The format of the file is:
sid - Message (rule group, priority)
New Rules:
16395 <-> NETBIOS SMB COPY command oversized pathname attempt
16405 <-> ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt
16409 <-> WEB-CLIENT Microsoft PowerPoint improper filename remote code execution attempt
16410 <-> WEB-CLIENT Microsoft PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt
16411 <-> WEB-CLIENT Microsoft PowerPoint out of bounds value remote code execution attempt
16412 <-> WEB-CLIENT Microsoft PowerPoint invalid TextByteAtom remote code execution attempt
16413 <-> WEB-CLIENT Microsoft PowerPoint invalid TextCharsAtom remote code execution attempt
16414 <-> WEB-CLIENT Windows Shell Handler remote code execution attempt
16415 <-> WEB-CLIENT Microsoft DirectShow memory corruption attempt
16416 <-> WEB-CLIENT Malformed XLS MSODrawing Record
16417 <-> NETBIOS SMB Negotiate Protocol Response overflow attempt
16418 <-> NETBIOS DELETED SMB client NULL deref race condition attempt - DISABLED
16419 <-> WEB-ACTIVEX Microsoft Data Analyzer 3.5 ActiveX clsid access
16420 <-> WEB-ACTIVEX Microsoft Data Analyzer 3.5 ActiveX clsid unicode access
16421 <-> EXPLOIT Microsoft PowerPoint out of bounds value remote code execution attempt
16422 <-> EXPLOIT JPEG with malformed SOFx field
16423 <-> WEB-CLIENT IE7/8 execute local file in Internet zone redirect attempt
16394 <-> DOS Active Directory Kerberos referral TGT renewal DoS attempt
16396 <-> NETBIOS SMB server srvnet.sys driver race condition attempt
16408 <-> DOS Microsoft Windows TCP SACK invalid range denial of service attempt
16397 <-> NETBIOS SMB andx invalid server name share access
16398 <-> NETBIOS SMB invalid server name share access
16399 <-> NETBIOS SMB unicode andx invalid server name share access
16400 <-> NETBIOS SMB unicode invalid server name share access
16401 <-> NETBIOS NETBIOS-DG SMB andx invalid server name share access
16402 <-> NETBIOS NETBIOS-DG SMB invalid server name share access
16403 <-> NETBIOS NETBIOS-DG SMB unicode andx invalid server name share access
16404 <-> NETBIOS NETBIOS-DG SMB unicode invalid server name share access
16406 <-> WEB-MISC JPEG file download attempt
16407 <-> WEB-MISC JPEG file download attempt

Updated Rules:
15500 <-> WEB-CLIENT Microsoft PowerPoint LinkedSlide memory corruption
16393 <-> EXPLOIT Postgresql bit substring buffer overflow
