Sourcefire VRT Rules Update
Date: 2011-01-13
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.1.
The format of the file is:
sid - Message (rule group, priority)
New rules:
18282 <-> WEB-CLIENT Microsoft Internet Explorer drag-and-drop vulnerability (web-client.rules, High)
18283 <-> SPECIFIC-THREATS Oracle WebLogic Apache Connector buffer overflow attempt (specific-threats.rules, High)
18284 <-> WEB-MISC Microsoft Office XP URL Handling Buffer Overflow attempt (web-misc.rules, High)
18285 <-> NETBIOS BrightStor ARCserve backup tape engine buffer overflow attempt (netbios.rules, High)
18286 <-> SPECIFIC-THREATS Mozilla products element style change memory corruption code execution attempt (specific-threats.rules, High)
18287 <-> SPECIFIC-THREATS Apache Tomcat JK Web Server Connector long URL stack overflow attempt (specific-threats.rules, High)
18288 <-> SCADA RealWin SPC_INITIALIZE oversized packet buffer overflow (scada.rules, High)
18289 <-> SCADA RealWin SPC_INITIALIZE_RF oversized packet buffer overflow (scada.rules, High)
18290 <-> SCADA RealWin SPC_TXTEVENT oversized packet buffer overflow (scada.rules, High)
18291 <-> MISC Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (misc.rules, High)
18292 <-> MISC Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (misc.rules, High)
18293 <-> SPECIFIC-THREATS Secure Backup login.php uname variable based command injection attempt (specific-threats.rules, High)
18294 <-> SPECIFIC-THREATS Apple Safari Webkit floating point buffer overflow attempt (specific-threats.rules, High)
18295 <-> SPECIFIC-THREATS Apple Safari Webkit floating point buffer overflow attempt (specific-threats.rules, High)
18296 <-> SPECIFIC-THREATS Mozilla products frame comment objects manipulation memory corruption attempt (specific-threats.rules, High)

Updated rules:
2349 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters attempt (netbios.rules, Low)
10018 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules, Low)
10030 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules, High)
12198 <-> SNMP MS Windows getbulk request (snmp.rules, High)
13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules, High)
13519 <-> EXPLOIT Citrix MetaFrame IMA buffer overflow attempt (exploit.rules, High)
13523 <-> WEB-ACTIVEX Novell iPrint ActiveX clsid access (web-activex.rules, High)
13525 <-> WEB-ACTIVEX Novell iPrint ActiveX function call access (web-activex.rules, High)
13843 <-> EXPLOIT MaxDB WebDBM get buffer overflow (exploit.rules, High)
14270 <-> WEB-ACTIVEX VieLib2.Vie2Locator ActiveX clsid access (web-activex.rules, High)
14607 <-> EXPLOIT CA Brightstor SUN RPC malformed string buffer overflow attempt (exploit.rules, High)
15434 <-> WEB-MISC HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (web-misc.rules, High)
17232 <-> WEB-CLIENT Microsoft Kodak Imaging large offset malformed tiff - big-endian (web-client.rules, High)
