Sourcefire VRT Rules Update

Date: 2011-05-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:18961 <-> ENABLED <-> WEB-CLIENT MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:18959 <-> DISABLED <-> WEB-MISC VMware SpringSource Spring Framework class.classloader remote code execution attempt (web-misc.rules)
 * 1:18965 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash file ActionScript 2 ActionJump remote code execution attempt (specific-threats.rules)
 * 1:18964 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash file DefineFont4 remote code execution attempt (specific-threats.rules)
 * 1:18962 <-> ENABLED <-> WEB-CLIENT MSXML2 ActiveX malformed HTTP response (web-client.rules)
 * 1:18960 <-> DISABLED <-> WEB-CGI Novell GroupWise agents HTTP request remote code execution attempt (web-cgi.rules)
 * 1:18963 <-> ENABLED <-> SPECIFIC-THREATS Adobe ActionScript 3 addEventListener exploit attempt (specific-threats.rules)
 * 1:18966 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash file DefineFont4 remote code execution attempt (specific-threats.rules)
 * 1:18967 <-> ENABLED <-> SPECIFIC-THREATS Adobe ActionScript argumentCount download attempt (specific-threats.rules)
 * 1:18968 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash ActionScript3 stack integer overflow attempt (specific-threats.rules)
 * 1:18958 <-> ENABLED <-> SPECIFIC-THREAT Apple Safari Webkit attribute child removal code execution attempt (specific-threats.rules)
 * 1:18957 <-> ENABLED <-> SPECIFIC-THREAT Apple Safari Webkit attribute child removal code execution attempt (specific-threats.rules)
 * 1:18970 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player null pointer dereference attempt (specific-threats.rules)
 * 1:18971 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash beginGradientfill improper color validation attempt (specific-threats.rules)
 * 1:18969 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript ActionIf integer overflow attempt (specific-threats.rules)

Modified Rules:


 * 1:13523 <-> ENABLED <-> WEB-ACTIVEX Novell iPrint ActiveX clsid access (web-activex.rules)
 * 1:13525 <-> ENABLED <-> WEB-ACTIVEX Novell iPrint ActiveX function call access (web-activex.rules)
 * 1:16603 <-> DISABLED <-> WEB-CLIENT Adobe Reader Linux malformed U3D mesh deceleration block exploit attempt (web-client.rules)
 * 1:18244 <-> ENABLED <-> WEB-CLIENT Sun Java browser plugin docbase overflow attempt (web-client.rules)
 * 1:18245 <-> ENABLED <-> SPECIFIC-THREATS Sun Java browser plugin docbase overflow attempt (specific-threats.rules)
 * 3:17130 <-> ENABLED <-> WEB-CLIENT IE boundElements arbitrary code execution (web-client.rules)