Sourcefire VRT Rules Update
Date: 2010-08-18
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.1.
The format of the file is:
sid - Message (rule group, priority)
New rules:
17143 <-> WEB-CLIENT Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 1 (web-client.rules, High)
17144 <-> WEB-CLIENT Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 2 (web-client.rules, High)
17145 <-> WEB-CLIENT Adobe Photoshop CS4 ASL file processing buffer overflow attempt (web-client.rules, High)
17146 <-> WEB-CLIENT Adobe Photoshop CS4 GRD file processing buffer overflow attempt (web-client.rules, High)
17147 <-> SPECIFIC-THREATS Adobe Photoshop CS4 ABR file processing buffer overflow attempt (specific-threats.rules, High)
17148 <-> WEB-CLIENT VideoLAN VLC renamed zip file handling code execution attempt - 1 (web-client.rules, High)
17149 <-> WEB-CLIENT VideoLAN VLC renamed zip file handling code execution attempt - 2 (web-client.rules, High)
17150 <-> WEB-CLIENT VideoLAN VLC renamed zip file handling code execution attempt - 3 (web-client.rules, High)
17151 <-> SPECIFIC-THREATS Samba smbd flags2 header parsing denial of service attempt - 1 (specific-threats.rules, Medium)
17152 <-> SPECIFIC-THREATS Samba smbd flags2 header parsing denial of service attempt - 2 (specific-threats.rules, Medium)
17153 <-> WEB-CLIENT Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (web-client.rules, High)
17154 <-> WEB-CLIENT Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (web-client.rules, High)
17155 <-> SPECIFIC-THREATS Multiple vendors OPIE off-by-one stack buffer overflow attempt (specific-threats.rules, High)
17156 <-> EXPLOIT HP Performance Manager Apache Tomcat policy bypass attempt (exploit.rules, High)
17157 <-> WEB-MISC HP Intelligent Management Center database credentials information disclosure attempt - 1 (web-misc.rules, High)
17158 <-> WEB-MISC HP Intelligent Management Center database credentials information disclosure attempt - 2 (web-misc.rules, High)
17159 <-> WEB-MISC HP Intelligent Management Center database credentials information disclosure attempt - 3 (web-misc.rules, High)
17160 <-> SPECIFIC-THREATS Liquid XML Studio LtXmlComHelp8.dll ActiveX OpenFile buffer overflow attempt (specific-threats.rules, High)
17161 <-> WEB-ACTIVEX Liquid XML Studio ActiveX clsid access (web-activex.rules, High)
17162 <-> WEB-ACTIVEX Liquid XML Studio ActiveX clsid unicode access (web-activex.rules, High)
17163 <-> WEB-ACTIVEX Liquid XML Studio ActiveX function call access (web-activex.rules, High)
17164 <-> WEB-ACTIVEX Liquid XML Studio ActiveX function call unicode access (web-activex.rules, High)
17165 <-> WEB-CLIENT Opera browser document writing uninitialized memory access attempt (web-client.rules, High)
17166 <-> WEB-CLIENT Mozilla multiple products JavaScript string replace buffer overflow attempt (web-client.rules, High)

Updated rules:
13473 <-> EXPLOIT Microsoft Publisher file download (exploit.rules, Low)
13523 <-> WEB-ACTIVEX Novell iPrint ActiveX clsid access (web-activex.rules, High)
13524 <-> WEB-ACTIVEX Novell iPrint ActiveX clsid unicode access (web-activex.rules, High)
13525 <-> WEB-ACTIVEX Novell iPrint ActiveX function call access (web-activex.rules, High)
13526 <-> WEB-ACTIVEX Novell iPrint ActiveX function call unicode access (web-activex.rules, High)
15709 <-> WEB-CLIENT Adobe Acrobat and Adobe Reader FlateDecode integer overflow attempt (web-client.rules, High)
16051 <-> SPECIFIC-THREATS Microsoft Publisher 2007 conversion library code execution attempt (specific-threats.rules, High)
