Sourcefire VRT Rules Update

Date: 2010-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid - Message (rule group, priority)

New Rules:
16395 <-> NETBIOS SMB COPY command oversized pathname attempt
16405 <-> ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt
16409 <-> WEB-CLIENT Microsoft PowerPoint improper filename remote code execution attempt
16410 <-> WEB-CLIENT Microsoft PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt
16411 <-> WEB-CLIENT Microsoft PowerPoint out of bounds value remote code execution attempt
16412 <-> WEB-CLIENT Microsoft PowerPoint invalid TextByteAtom remote code execution attempt
16413 <-> WEB-CLIENT Microsoft PowerPoint invalid TextCharsAtom remote code execution attempt
16414 <-> WEB-CLIENT Windows Shell Handler remote code execution attempt
16415 <-> WEB-CLIENT Microsoft DirectShow memory corruption attempt
16416 <-> WEB-CLIENT Malformed XLS MSODrawing Record
16417 <-> NETBIOS SMB Negotiate Protocol Response overflow attempt
16418 <-> NETBIOS DELETED SMB client NULL deref race condition attempt - DISABLED
16419 <-> WEB-ACTIVEX Microsoft Data Analyzer 3.5 ActiveX clsid access
16420 <-> WEB-ACTIVEX Microsoft Data Analyzer 3.5 ActiveX clsid unicode access
16421 <-> EXPLOIT Microsoft PowerPoint out of bounds value remote code execution attempt
16422 <-> EXPLOIT JPEG with malformed SOFx field
16423 <-> WEB-CLIENT IE7/8 execute local file in Internet zone redirect attempt
16394 <-> DOS Active Directory Kerberos referral TGT renewal DoS attempt
16396 <-> NETBIOS SMB server srvnet.sys driver race condition attempt
16408 <-> DOS Microsoft Windows TCP SACK invalid range denial of service attempt
16397 <-> NETBIOS SMB andx invalid server name share access
16398 <-> NETBIOS SMB invalid server name share access
16399 <-> NETBIOS SMB unicode andx invalid server name share access
16400 <-> NETBIOS SMB unicode invalid server name share access
16401 <-> NETBIOS NETBIOS-DG SMB andx invalid server name share access
16402 <-> NETBIOS NETBIOS-DG SMB invalid server name share access
16403 <-> NETBIOS NETBIOS-DG SMB unicode andx invalid server name share access
16404 <-> NETBIOS NETBIOS-DG SMB unicode invalid server name share access
16406 <-> WEB-MISC JPEG file download attempt
16407 <-> WEB-MISC JPEG file download attempt

Updated Rules:
15500 <-> WEB-CLIENT Microsoft PowerPoint LinkedSlide memory corruption
16393 <-> EXPLOIT Postgresql bit substring buffer overflow