Sourcefire VRT Rules Update

Date: 2011-05-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.6.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:19125 <-> ENABLED <-> DOS ISC BIND DNSSEC authority response record overflow attempt (dos.rules)
 * 1:19126 <-> ENABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer IVR handling heap buffer overflow attempt (specific-threats.rules)
 * 1:19129 <-> ENABLED <-> MULTIMEDIA realplayer .r1m download attempt (multimedia.rules)
 * 1:19128 <-> ENABLED <-> MULTIMEDIA realplayer .rec download attempt (multimedia.rules)
 * 1:19124 <-> ENABLED <-> SPECIFIC-THREATS Apache mod_isapi dangling pointer exploit attempt (specific-threats.rules)
 * 1:19127 <-> ENABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer IVR handling heap buffer overflow attempt (specific-threats.rules)

Modified Rules:


 * 1:16309 <-> ENABLED <-> ORACLE auth_sesskey buffer overflow attempt (oracle.rules)
 * 1:14020 <-> DISABLED <-> WEB-CLIENT CyberLink PowerDVD playlist file handling stack overflow attempt (web-client.rules)
 * 1:14018 <-> ENABLED <-> WEB-CLIENT PLS multimedia playlist file request (web-client.rules)
 * 1:18483 <-> ENABLED <-> WEB-CLIENT Apple iTunes Playlist Overflow Attempt (web-client.rules)
 * 1:19051 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Murofet.A outbound connection (botnet-cnc.rules)
 * 1:16344 <-> ENABLED <-> SPECIFIC-THREATS Mozilla Firefox top-level script object offset calculation memory corruption attempt (specific-threats.rules)
 * 1:16716 <-> ENABLED <-> WEB-CLIENT Sun Java Web Start Splashscreen PNG processing buffer overflow attempt (web-client.rules)
 * 3:17123 <-> ENABLED <-> WEB-CLIENT rich text format invalid field size memory corruption attempt (web-client.rules)