Sourcefire VRT Rules Update
Date: 2010-06-22
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group, priority)
New rules:
16712 <-> WEB-MISC HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (web-misc.rules, High)
16713 <-> WEB-MISC HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (web-misc.rules, High)
16714 <-> SPECIFIC-THREATS SoftArtisans XFile FileManager ActiveX Control buffer overflow attempt (specific-threats.rules, High)
16717 <-> ORACLE Oracle Secure Enterprise Search search_p_groups cross-site scripting attempt (oracle.rules, High)
16718 <-> EXPLOIT Skype URI handler input validation exploit attempt (exploit.rules, Medium)
16722 <-> ORACLE Oracle Database Server DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE procedure SQL injection attempt (oracle.rules, High)
16723 <-> ORACLE Oracle Database Server DBMS_CDC_PUBLISH.ALTER_CHANGE_SOURCE procedure SQL injection attempt (oracle.rules, High)
16724 <-> EXPLOIT Linux kernel sctp_process_unk_param SCTPChunkInit buffer overflow attempt (exploit.rules, High)
16732 <-> WEB-CLIENT SafeNet SoftRemote multiple policy file local overflow attempt (web-client.rules, High)
16735 <-> SPECIFIC-THREATS URSoft W32Dasm Import/Export function buffer overflow attempt (specific-threats.rules, High)

Updated rules:
2180 <-> P2P BitTorrent announce request (p2p.rules, High)
2318 <-> MISC CVS non-relative path access attempt (misc.rules, Medium)
2348 <-> DELETED NETBIOS SMB-DS DCERPC print spool bind attempt (deleted.rules, Low)
16202 <-> DELETED WEB-MISC Microsoft Active Directory LDAP query DoS attempt (deleted.rules, Medium)
16684 <-> DOS Samba smbd Session Setup AndX security blob length dos attempt (dos.rules, Medium)
16688 <-> EXPLOIT iscsi target format string code execution attempt (exploit.rules, High)
