Sourcefire VRT Rules Update

Date: 2010-06-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid - Message (rule group, priority)

New rules:
16712 <-> WEB-MISC HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (web-misc.rules, High)
16713 <-> WEB-MISC HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (web-misc.rules, High)
16714 <-> SPECIFIC-THREATS SoftArtisans XFile FileManager ActiveX Control buffer overflow attempt (specific-threats.rules, High)
16717 <-> ORACLE Oracle Secure Enterprise Search search_p_groups cross-site scripting attempt (oracle.rules, High)
16718 <-> EXPLOIT Skype URI handler input validation exploit attempt (exploit.rules, Medium)
16722 <-> ORACLE Oracle Database Server DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE procedure SQL injection attempt (oracle.rules, High)
16723 <-> ORACLE Oracle Database Server DBMS_CDC_PUBLISH.ALTER_CHANGE_SOURCE procedure SQL injection attempt (oracle.rules, High)
16724 <-> EXPLOIT Linux kernel sctp_process_unk_param SCTPChunkInit buffer overflow attempt (exploit.rules, High)
16732 <-> WEB-CLIENT SafeNet SoftRemote multiple policy file local overflow attempt (web-client.rules, High)
16735 <-> SPECIFIC-THREATS URSoft W32Dasm Import/Export function buffer overflow attempt (specific-threats.rules, High)

Updated rules:
2180 <-> P2P BitTorrent announce request (p2p.rules, High)
2318 <-> MISC CVS non-relative path access attempt (misc.rules, Medium)
2348 <-> DELETED NETBIOS SMB-DS DCERPC print spool bind attempt (deleted.rules, Low)
16202 <-> DELETED WEB-MISC Microsoft Active Directory LDAP query DoS attempt (deleted.rules, Medium)
16684 <-> DOS Samba smbd Session Setup AndX security blob length dos attempt (dos.rules, Medium)
16688 <-> EXPLOIT iscsi target format string code execution attempt (exploit.rules, High)