Sourcefire VRT Rules Update
Date: 2010-08-25
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.1.
The format of the file is:
sid - Message (rule group, priority)
New rules:
10126 <-> WEB-CLIENT QuickTime JPEG Huffman Table integer underflow attempt (web-client.rules, High)
15010 <-> EXPLOIT BEA WebLogic jsessionid buffer overflow attempt (exploit.rules, High)
17167 <-> WEB-ACTIVEX Oracle Siebel Option Pack 1 ActiveX clsid access (web-activex.rules, High)
17168 <-> WEB-ACTIVEX Oracle Siebel Option Pack 1 ActiveX clsid unicode access (web-activex.rules, High)
17169 <-> WEB-ACTIVEX Oracle Siebel Option Pack 2 ActiveX clsid access (web-activex.rules, High)
17170 <-> WEB-ACTIVEX Oracle Siebel Option Pack 2 ActiveX clsid unicode access (web-activex.rules, High)
17171 <-> WEB-ACTIVEX Oracle Siebel Option Pack 3 ActiveX clsid access (web-activex.rules, High)
17172 <-> WEB-ACTIVEX Oracle Siebel Option Pack 3 ActiveX clsid unicode access (web-activex.rules, High)
17173 <-> WEB-ACTIVEX Oracle Siebel Option Pack 4 ActiveX clsid access (web-activex.rules, High)
17174 <-> WEB-ACTIVEX Oracle Siebel Option Pack 4 ActiveX clsid unicode access (web-activex.rules, High)
17175 <-> WEB-ACTIVEX Oracle Siebel Option Pack 5 ActiveX clsid access (web-activex.rules, High)
17176 <-> WEB-ACTIVEX Oracle Siebel Option Pack 5 ActiveX clsid unicode access (web-activex.rules, High)
17177 <-> WEB-ACTIVEX Oracle Siebel Option Pack 6 ActiveX clsid access (web-activex.rules, High)
17178 <-> WEB-ACTIVEX Oracle Siebel Option Pack 6 ActiveX clsid unicode access (web-activex.rules, High)
17205 <-> RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (rpc.rules, High)
17206 <-> RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (rpc.rules, High)
17207 <-> EXPLOIT IBM Cognos Server backdoor account remote code execution attempt (exploit.rules, High)
17208 <-> EXPLOIT Squid Proxy HTCP packet processing denial of service attempt (exploit.rules, Medium)
17209 <-> SQL IBM DB2 DATABASE SERVER SQL REPEAT Buffer Overflow (sql.rules, High)

Updated rules:
1973 <-> FTP MKD overflow attempt (ftp.rules, High)
1976 <-> FTP RMD overflow attempt (ftp.rules, High)
6250 <-> SPYWARE-PUT Adware hotbar runtime detection - hotbar user-agent (spyware-put.rules, Low)
6251 <-> SPYWARE-PUT Adware hotbar runtime detection - hostie user-agent (spyware-put.rules, Low)
13473 <-> WEB-MISC Microsoft Publisher file download (web-misc.rules, Low)
15569 <-> CHAT Yahoo encrypted login attempt (chat.rules, High)
16481 <-> WEB-CLIENT Opera Content-Length header integer overflow attempt (web-client.rules, High)
17044 <-> SQL WinCC DB default password security bypass attempt (sql.rules, High)
