Sourcefire VRT Rules Update

Date: 2010-09-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.5.3.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
17210 <-> POLICY Portable Executable binary file transfer over SMB (policy.rules, High)
17211 <-> WEB-CLIENT Quicktime marshaled punk remote code execution (web-client.rules, High)
17212 <-> WEB-CLIENT Mozilla Firefox JavaScript eval arbitrary code execution attempt (web-client.rules, High)
17213 <-> WEB-CLIENT Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (web-client.rules, High)

Updated rules:
3409 <-> NETBIOS DCERPC NCACN-IP-TCP IActivation remoteactivation overflow attempt (netbios.rules, High)
12069 <-> EXPLOIT Microsoft Windows Active Directory Crafted LDAP ModifyRequest (exploit.rules, High)
15867 <-> WEB-CLIENT Adobe Acrobat PDF font processing memory corruption attempt (web-client.rules, High)
17209 <-> SQL IBM DB2 DATABASE SERVER SQL REPEAT Buffer Overflow (sql.rules, High)