Sourcefire VRT Rules Update
Date: 2010-06-22
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8_6_0.
The format of the file is:
sid - Message (rule group, priority)
New rules:
16711 <-> SPECIFIC-THREATS E-Book Systems FlipViewer FlipViewerX.dll ActiveX multiple buffer overflow attempt (specific-threats.rules, High)
16712 <-> WEB-MISC HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (web-misc.rules, High)
16713 <-> WEB-MISC HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (web-misc.rules, High)
16714 <-> SPECIFIC-THREATS SoftArtisans XFile FileManager ActiveX Control buffer overflow attempt (specific-threats.rules, High)
16715 <-> SPECIFIC-THREATS SaschArt SasCam Webcam Server ActiveX control exploit attempt (specific-threats.rules, High)
16716 <-> WEB-CLIENT Sun Java Web Start Splashscreen PNG processing buffer overflow attempt (web-client.rules, High)
16717 <-> ORACLE Oracle Secure Enterprise Search search_p_groups cross-site scripting attempt (oracle.rules, High)
16718 <-> EXPLOIT Skype URI handler input validation exploit attempt (exploit.rules, Medium)
16719 <-> WEB-CLIENT CA multiple product AV engine CAB header parsing stack overflow attempt (web-client.rules, High)
16720 <-> WEB-CLIENT VideoLAN VLC Media Player TY processing buffer overflow attempt (web-client.rules, High)
16721 <-> WEB-CLIENT Orbital Viewer .orb stack buffer overflow attempt (web-client.rules, High)
16722 <-> ORACLE Oracle Database Server DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE procedure SQL injection attempt (oracle.rules, High)
16723 <-> ORACLE Oracle Database Server DBMS_CDC_PUBLISH.ALTER_CHANGE_SOURCE procedure SQL injection attempt (oracle.rules, High)
16724 <-> EXPLOIT Linux kernel sctp_process_unk_param SCTPChunkInit buffer overflow attempt (exploit.rules, High)
16725 <-> SPECIFIC-THREATS ActivePDF WebGrabber APWebGrb.ocx GetStatus method overflow attempt (specific-threats.rules, High)
16726 <-> WEB-CLIENT gAlan malformed file stack overflow attempt (web-client.rules, High)
16727 <-> WEB-CLIENT IDEAL Administration IPJ file handling stack overflow attempt (web-client.rules, High)
16729 <-> SPECIFIC-THREATS McAfee Remediation client ActiveX control buffer overflow attempt (specific-threats.rules, High)
16730 <-> WEB-CLIENT ProShow Gold PSH file handling overflow attempt (web-client.rules, High)
16731 <-> SPECIFIC-THREATS ProShow Gold PSH file handling overflow attempt (specific-threats.rules, High)
16732 <-> WEB-CLIENT SafeNet SoftRemote multiple policy file local overflow attempt (web-client.rules, High)
16733 <-> WEB-CLIENT UltraISO CCD file handling overflow attempt (web-client.rules, High)
16734 <-> WEB-CLIENT UltraISO CUE file handling stack buffer overflow attempt (web-client.rules, High)
16735 <-> SPECIFIC-THREATS URSoft W32Dasm Import/Export function buffer overflow attempt (specific-threats.rules, High)
16736 <-> WEB-CLIENT VariCAD multiple products DWB file handling overflow attempt (web-client.rules, High)
16737 <-> SPECIFIC-THREATS Xenorate Media Player XPL file handling overflow attempt - 1 (specific-threats.rules, High)
16738 <-> SPECIFIC-THREATS Xenorate Media Player XPL file handling overflow attempt - 2 (specific-threats.rules, High)

Updated rules:
2180 <-> P2P BitTorrent announce request (p2p.rules, High)
2318 <-> MISC CVS non-relative path access attempt (misc.rules, Medium)
2348 <-> DELETED NETBIOS SMB-DS DCERPC print spool bind attempt (deleted.rules, Low)
16202 <-> DELETED WEB-MISC Microsoft Active Directory LDAP query DoS attempt (deleted.rules, Medium)
16684 <-> DOS Samba smbd Session Setup AndX security blob length dos attempt (dos.rules, Medium)
16688 <-> EXPLOIT iscsi target format string code execution attempt (exploit.rules, High)
