Sourcefire VRT Rules Update
Date: 2010-08-18
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.5.3.
The format of the file is:
sid - Message (rule group, priority)
New rules:
17143 <-> WEB-CLIENT Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 1 (web-client.rules, High)
17144 <-> WEB-CLIENT Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 2 (web-client.rules, High)
17145 <-> WEB-CLIENT Adobe Photoshop CS4 ASL file processing buffer overflow attempt (web-client.rules, High)
17146 <-> WEB-CLIENT Adobe Photoshop CS4 GRD file processing buffer overflow attempt (web-client.rules, High)
17147 <-> SPECIFIC-THREATS Adobe Photoshop CS4 ABR file processing buffer overflow attempt (specific-threats.rules, High)
17151 <-> SPECIFIC-THREATS Samba smbd flags2 header parsing denial of service attempt - 1 (specific-threats.rules, Medium)
17152 <-> SPECIFIC-THREATS Samba smbd flags2 header parsing denial of service attempt - 2 (specific-threats.rules, Medium)
17153 <-> WEB-CLIENT Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (web-client.rules, High)
17154 <-> WEB-CLIENT Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (web-client.rules, High)
17156 <-> EXPLOIT HP Performance Manager Apache Tomcat policy bypass attempt (exploit.rules, High)
17157 <-> WEB-MISC HP Intelligent Management Center database credentials information disclosure attempt - 1 (web-misc.rules, High)
17158 <-> WEB-MISC HP Intelligent Management Center database credentials information disclosure attempt - 2 (web-misc.rules, High)
17159 <-> WEB-MISC HP Intelligent Management Center database credentials information disclosure attempt - 3 (web-misc.rules, High)
17160 <-> SPECIFIC-THREATS Liquid XML Studio LtXmlComHelp8.dll ActiveX OpenFile buffer overflow attempt (specific-threats.rules, High)
17161 <-> WEB-ACTIVEX Liquid XML Studio ActiveX clsid access (web-activex.rules, High)
17162 <-> WEB-ACTIVEX Liquid XML Studio ActiveX clsid unicode access (web-activex.rules, High)
17163 <-> WEB-ACTIVEX Liquid XML Studio ActiveX function call access (web-activex.rules, High)
17164 <-> WEB-ACTIVEX Liquid XML Studio ActiveX function call unicode access (web-activex.rules, High)

Updated rules:
13473 <-> EXPLOIT Microsoft Publisher file download (exploit.rules, Low)
15709 <-> WEB-CLIENT Adobe Acrobat and Adobe Reader FlateDecode integer overflow attempt (web-client.rules, High)
16051 <-> SPECIFIC-THREATS Microsoft Publisher 2007 conversion library code execution attempt (specific-threats.rules, High)
