Sourcefire VRT Rules Update

Date: 2011-01-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.0.

The format of the file is:

sid - Message (rule group, priority)

New rules:
18244 <-> WEB-CLIENT Sun Java browswer plugin docbase overflow attempt (web-client.rules, High)
18245 <-> SPECIFIC-THREATS Sun Java browswer plugin docbase overflow attempt (specific-threats.rules, High)
18246 <-> WEB-CLIENT Microsoft Windows Fax Services Cover Page Editor overflow attempt (web-client.rules, High)
18247 <-> BLACKLIST USER-AGENT known malicious User-Agent ErrCode - W32/Fujacks.htm (blacklist.rules, High)
18248 <-> EXPLOIT Unisys Business Information Server stack buffer overflow attempt (exploit.rules, High)

Updated rules:
1498 <-> DELETED WEB-MISC PIX firewall manager directory traversal attempt (deleted.rules, High)
1858 <-> WEB-MISC CISCO PIX Firewall Manager directory traversal attempt (web-misc.rules, Medium)
2972 <-> DELETED NETBIOS SMB D$ andx share access (deleted.rules, Low)
3192 <-> WEB-CLIENT Windows Media Player directory traversal via Content-Disposition attempt (web-client.rules, High)
9848 <-> WEB-CLIENT Vector Markup Language recolorinfo tag numfills parameter buffer overflow attempt (web-client.rules, High)
9849 <-> WEB-CLIENT Vector Markup Language recolorinfo tag numcolors parameter buffer overflow attempt (web-client.rules, High)
13816 <-> SPECIFIC-THREATS Metasploit Framework xmlrpc.php command injection attempt (specific-threats.rules, High)
15512 <-> NETBIOS DCERPC NCACN-IP-TCP rpcss2 _RemoteGetClassObject attempt (netbios.rules, Low)
15513 <-> NETBIOS DCERPC NCADG-IP-UDP rpcss2 _RemoteGetClassObject attempt (netbios.rules, Low)
16692 <-> WEB-CLIENT BlazeVideo BlazeDVD PLF playlist file name buffer overflow attempt (web-client.rules, High)