Sourcefire VRT Rules Update

Date: 2010-08-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.0.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
17143 <-> WEB-CLIENT Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 1 (web-client.rules, High)
17144 <-> WEB-CLIENT Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 2 (web-client.rules, High)
17145 <-> WEB-CLIENT Adobe Photoshop CS4 ASL file processing buffer overflow attempt (web-client.rules, High)
17146 <-> WEB-CLIENT Adobe Photoshop CS4 GRD file processing buffer overflow attempt (web-client.rules, High)
17147 <-> SPECIFIC-THREATS Adobe Photoshop CS4 ABR file processing buffer overflow attempt (specific-threats.rules, High)
17148 <-> WEB-CLIENT VideoLAN VLC renamed zip file handling code execution attempt - 1 (web-client.rules, High)
17149 <-> WEB-CLIENT VideoLAN VLC renamed zip file handling code execution attempt - 2 (web-client.rules, High)
17150 <-> WEB-CLIENT VideoLAN VLC renamed zip file handling code execution attempt - 3 (web-client.rules, High)
17151 <-> SPECIFIC-THREATS Samba smbd flags2 header parsing denial of service attempt - 1 (specific-threats.rules, Medium)
17152 <-> SPECIFIC-THREATS Samba smbd flags2 header parsing denial of service attempt - 2 (specific-threats.rules, Medium)
17153 <-> WEB-CLIENT Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (web-client.rules, High)
17154 <-> WEB-CLIENT Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (web-client.rules, High)
17155 <-> SPECIFIC-THREATS Multiple vendors OPIE off-by-one stack buffer overflow attempt (specific-threats.rules, High)
17156 <-> EXPLOIT HP Performance Manager Apache Tomcat policy bypass attempt (exploit.rules, High)
17157 <-> WEB-MISC HP Intelligent Management Center database credentials information disclosure attempt - 1 (web-misc.rules, High)
17158 <-> WEB-MISC HP Intelligent Management Center database credentials information disclosure attempt - 2 (web-misc.rules, High)
17159 <-> WEB-MISC HP Intelligent Management Center database credentials information disclosure attempt - 3 (web-misc.rules, High)
17160 <-> SPECIFIC-THREATS Liquid XML Studio LtXmlComHelp8.dll ActiveX OpenFile buffer overflow attempt (specific-threats.rules, High)
17161 <-> WEB-ACTIVEX Liquid XML Studio ActiveX clsid access (web-activex.rules, High)
17162 <-> WEB-ACTIVEX Liquid XML Studio ActiveX clsid unicode access (web-activex.rules, High)
17163 <-> WEB-ACTIVEX Liquid XML Studio ActiveX function call access (web-activex.rules, High)
17164 <-> WEB-ACTIVEX Liquid XML Studio ActiveX function call unicode access (web-activex.rules, High)
17165 <-> WEB-CLIENT Opera browser document writing uninitialized memory access attempt (web-client.rules, High)
17166 <-> WEB-CLIENT Mozilla multiple products JavaScript string replace buffer overflow attempt (web-client.rules, High)

Updated rules:
13473 <-> EXPLOIT Microsoft Publisher file download (exploit.rules, Low)
13523 <-> WEB-ACTIVEX Novell iPrint ActiveX clsid access (web-activex.rules, High)
13524 <-> WEB-ACTIVEX Novell iPrint ActiveX clsid unicode access (web-activex.rules, High)
13525 <-> WEB-ACTIVEX Novell iPrint ActiveX function call access (web-activex.rules, High)
13526 <-> WEB-ACTIVEX Novell iPrint ActiveX function call unicode access (web-activex.rules, High)
15709 <-> WEB-CLIENT Adobe Acrobat and Adobe Reader FlateDecode integer overflow attempt (web-client.rules, High)
16051 <-> SPECIFIC-THREATS Microsoft Publisher 2007 conversion library code execution attempt (specific-threats.rules, High)