Sourcefire VRT Rules Update

Date: 2010-08-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.5.3.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
10126 <-> WEB-CLIENT QuickTime JPEG Huffman Table integer underflow attempt (web-client.rules, High)
15010 <-> EXPLOIT BEA WebLogic jsessionid buffer overflow attempt (exploit.rules, High)
17205 <-> RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (rpc.rules, High)
17206 <-> RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (rpc.rules, High)
17207 <-> EXPLOIT IBM Cognos Server backdoor account remote code execution attempt (exploit.rules, High)
17208 <-> EXPLOIT Squid Proxy HTCP packet processing denial of service attempt (exploit.rules, Medium)
17209 <-> SQL IBM DB2 DATABASE SERVER SQL REPEAT Buffer Overflow (sql.rules, High)

Updated rules:
1973 <-> FTP MKD overflow attempt (ftp.rules, High)
1976 <-> FTP RMD overflow attempt (ftp.rules, High)
6250 <-> SPYWARE-PUT Adware hotbar runtime detection - hotbar user-agent (spyware-put.rules, Low)
6251 <-> SPYWARE-PUT Adware hotbar runtime detection - hostie user-agent (spyware-put.rules, Low)
13473 <-> WEB-MISC Microsoft Publisher file download (web-misc.rules, Low)
16481 <-> WEB-CLIENT Opera Content-Length header integer overflow attempt (web-client.rules, High)
17044 <-> SQL WinCC DB default password security bypass attempt (sql.rules, High)