Snort :: Changes 2010-09-09

Sourcefire VRT Rules Update

Date: 2010-09-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.5.3.

The format of the file is:

sid - Message (rule group, priority)

New rules:
17222 <-> SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt (specific-threats.rules, High)
17224 <-> SMTP McAfee WebShield SMTP bounce message format string attempt (smtp.rules, High)
17225 <-> SPECIFIC-THREATS Alt-N MDaemon WorldClient invalid user (specific-threats.rules, Medium)
17226 <-> WEB-ACTIVEX AXIS Camera ActiveX initialization via script (web-activex.rules, High)
17227 <-> WEB-CLIENT Microsoft Excel sheet name memory corruption attempt (web-client.rules, High)
17231 <-> WEB-CLIENT Microsoft Kodak Imaging small offset malformed tiff - little-endian (web-client.rules, High)
17232 <-> WEB-CLIENT Microsoft Kodak Imaging large offset malformed tiff - big-endian (web-client.rules, High)
17233 <-> SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt (specific-threats.rules, High)

Updated rules:
12633 <-> EXPLOIT Microsoft Kodak Imaging small offset malformed tiff (exploit.rules, High)
12634 <-> EXPLOIT Microsoft Kodak Imaging large offset malformed tiff 2 (exploit.rules, High)
15243 <-> WEB-ACTIVEX AXIS Camera ActiveX clsid access (web-activex.rules, High)

Snort

Sourcefire VRT Rules Update

Date: 2010-09-09

Snort Links

Community

Sourcefire