Sourcefire VRT Rules Update

Date: 2010-06-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8_6_0.

The format of the file is:

sid - Message (rule group, priority)

New rules:
16711 <-> SPECIFIC-THREATS E-Book Systems FlipViewer FlipViewerX.dll ActiveX multiple buffer overflow attempt (specific-threats.rules, High)
16712 <-> WEB-MISC HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (web-misc.rules, High)
16713 <-> WEB-MISC HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (web-misc.rules, High)
16714 <-> SPECIFIC-THREATS SoftArtisans XFile FileManager ActiveX Control buffer overflow attempt (specific-threats.rules, High)
16715 <-> SPECIFIC-THREATS SaschArt SasCam Webcam Server ActiveX control exploit attempt (specific-threats.rules, High)
16716 <-> WEB-CLIENT Sun Java Web Start Splashscreen PNG processing buffer overflow attempt (web-client.rules, High)
16717 <-> ORACLE Oracle Secure Enterprise Search search_p_groups cross-site scripting attempt (oracle.rules, High)
16718 <-> EXPLOIT Skype URI handler input validation exploit attempt (exploit.rules, Medium)
16719 <-> WEB-CLIENT CA multiple product AV engine CAB header parsing stack overflow attempt (web-client.rules, High)
16720 <-> WEB-CLIENT VideoLAN VLC Media Player TY processing buffer overflow attempt (web-client.rules, High)
16721 <-> WEB-CLIENT Orbital Viewer .orb stack buffer overflow attempt (web-client.rules, High)
16722 <-> ORACLE Oracle Database Server DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE procedure SQL injection attempt (oracle.rules, High)
16723 <-> ORACLE Oracle Database Server DBMS_CDC_PUBLISH.ALTER_CHANGE_SOURCE procedure SQL injection attempt (oracle.rules, High)
16724 <-> EXPLOIT Linux kernel sctp_process_unk_param SCTPChunkInit buffer overflow attempt (exploit.rules, High)
16725 <-> SPECIFIC-THREATS ActivePDF WebGrabber APWebGrb.ocx GetStatus method overflow attempt (specific-threats.rules, High)
16726 <-> WEB-CLIENT gAlan malformed file stack overflow attempt (web-client.rules, High)
16727 <-> WEB-CLIENT IDEAL Administration IPJ file handling stack overflow attempt (web-client.rules, High)
16729 <-> SPECIFIC-THREATS McAfee Remediation client ActiveX control buffer overflow attempt (specific-threats.rules, High)
16730 <-> WEB-CLIENT ProShow Gold PSH file handling overflow attempt (web-client.rules, High)
16731 <-> SPECIFIC-THREATS ProShow Gold PSH file handling overflow attempt (specific-threats.rules, High)
16732 <-> WEB-CLIENT SafeNet SoftRemote multiple policy file local overflow attempt (web-client.rules, High)
16733 <-> WEB-CLIENT UltraISO CCD file handling overflow attempt (web-client.rules, High)
16734 <-> WEB-CLIENT UltraISO CUE file handling stack buffer overflow attempt (web-client.rules, High)
16735 <-> SPECIFIC-THREATS URSoft W32Dasm Import/Export function buffer overflow attempt (specific-threats.rules, High)
16736 <-> WEB-CLIENT VariCAD multiple products DWB file handling overflow attempt (web-client.rules, High)
16737 <-> SPECIFIC-THREATS Xenorate Media Player XPL file handling overflow attempt - 1 (specific-threats.rules, High)
16738 <-> SPECIFIC-THREATS Xenorate Media Player XPL file handling overflow attempt - 2 (specific-threats.rules, High)

Updated rules:
2180 <-> P2P BitTorrent announce request (p2p.rules, High)
2318 <-> MISC CVS non-relative path access attempt (misc.rules, Medium)
2348 <-> DELETED NETBIOS SMB-DS DCERPC print spool bind attempt (deleted.rules, Low)
16202 <-> DELETED WEB-MISC Microsoft Active Directory LDAP query DoS attempt (deleted.rules, Medium)
16684 <-> DOS Samba smbd Session Setup AndX security blob length dos attempt (dos.rules, Medium)
16688 <-> EXPLOIT iscsi target format string code execution attempt (exploit.rules, High)