Snort

Sourcefire VRT Rules Update

Date: 2010-10-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.5.3.

The format of the file is:

sid - Message (rule group, priority)

New rules:
17806 <-> SPECIFIC-THREATS Adobe Shockwave Director rcsL chunk remote code execution attempt (specific-threats.rules, High)
17807 <-> SPECIFIC-THREATS Adobe Shockwave Director rcsL chunk remote code execution attempt (specific-threats.rules, High)

Updated rules:
2441 <-> WEB-MISC NetObserve authentication bypass attempt (web-misc.rules, High)
7101 <-> BACKDOOR gwboy 0.92 runtime detection (backdoor.rules, High)
7103 <-> BACKDOOR gwboy 0.92 runtime detection - init connection (backdoor.rules, High)
12786 <-> EXPLOIT CA ARCserve Backup for Laptops rxsSetDataGrowthScheduleAndFilter overflow attempt (exploit.rules, High)
12787 <-> EXPLOIT CA ARCserve Backup for Laptops rxsSetDefaultConfigName overflow attempt (exploit.rules, High)
12788 <-> EXPLOIT CA ARCserve Backup for Laptops rxsSetDefaultConfigName overflow attempt (exploit.rules, High)
13928 <-> SPECIFIC-THREATS Adobe RoboHelp r0 SQL injection attempt (specific-threats.rules, High)
15678 <-> SPECIFIC-THREATS Microsoft DirectShow ActiveX exploit via JavaScript (specific-threats.rules, High)
15892 <-> DOS SAPLPD 0x53 command denial of service attempt (dos.rules, Medium)
16924 <-> BLACKLIST URI request for known malicious URI - /inst.php?fff= (blacklist.rules, High)
17494 <-> WEB-CLIENT Microsoft Internet Explorer Long URL Buffer Overflow attempt (web-client.rules, High)
17523 <-> SPECIFIC-THREATS Apple QuickTime H.264 Movie File Buffer Overflow (specific-threats.rules, High)
17779 <-> DELETED SPECIFIC-THREATS Adobe RoboHelp r0 SQL injection attempt (deleted.rules, High)
17804 <-> WEB-CLIENT Mozilla Firefox html tag attributes memory corruption (web-client.rules, High)