Sourcefire VRT Rules Update

Date: 2010-08-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.0.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
10126 <-> WEB-CLIENT QuickTime JPEG Huffman Table integer underflow attempt (web-client.rules, High)
15010 <-> EXPLOIT BEA WebLogic jsessionid buffer overflow attempt (exploit.rules, High)
17167 <-> WEB-ACTIVEX Oracle Siebel Option Pack 1 ActiveX clsid access (web-activex.rules, High)
17168 <-> WEB-ACTIVEX Oracle Siebel Option Pack 1 ActiveX clsid unicode access (web-activex.rules, High)
17169 <-> WEB-ACTIVEX Oracle Siebel Option Pack 2 ActiveX clsid access (web-activex.rules, High)
17170 <-> WEB-ACTIVEX Oracle Siebel Option Pack 2 ActiveX clsid unicode access (web-activex.rules, High)
17171 <-> WEB-ACTIVEX Oracle Siebel Option Pack 3 ActiveX clsid access (web-activex.rules, High)
17172 <-> WEB-ACTIVEX Oracle Siebel Option Pack 3 ActiveX clsid unicode access (web-activex.rules, High)
17173 <-> WEB-ACTIVEX Oracle Siebel Option Pack 4 ActiveX clsid access (web-activex.rules, High)
17174 <-> WEB-ACTIVEX Oracle Siebel Option Pack 4 ActiveX clsid unicode access (web-activex.rules, High)
17175 <-> WEB-ACTIVEX Oracle Siebel Option Pack 5 ActiveX clsid access (web-activex.rules, High)
17176 <-> WEB-ACTIVEX Oracle Siebel Option Pack 5 ActiveX clsid unicode access (web-activex.rules, High)
17177 <-> WEB-ACTIVEX Oracle Siebel Option Pack 6 ActiveX clsid access (web-activex.rules, High)
17178 <-> WEB-ACTIVEX Oracle Siebel Option Pack 6 ActiveX clsid unicode access (web-activex.rules, High)
17205 <-> RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (rpc.rules, High)
17206 <-> RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (rpc.rules, High)
17207 <-> EXPLOIT IBM Cognos Server backdoor account remote code execution attempt (exploit.rules, High)
17208 <-> EXPLOIT Squid Proxy HTCP packet processing denial of service attempt (exploit.rules, Medium)
17209 <-> SQL IBM DB2 DATABASE SERVER SQL REPEAT Buffer Overflow (sql.rules, High)

Updated rules:
1973 <-> FTP MKD overflow attempt (ftp.rules, High)
1976 <-> FTP RMD overflow attempt (ftp.rules, High)
6250 <-> SPYWARE-PUT Adware hotbar runtime detection - hotbar user-agent (spyware-put.rules, Low)
6251 <-> SPYWARE-PUT Adware hotbar runtime detection - hostie user-agent (spyware-put.rules, Low)
13473 <-> WEB-MISC Microsoft Publisher file download (web-misc.rules, Low)
15569 <-> CHAT Yahoo encrypted login attempt (chat.rules, High)
16481 <-> WEB-CLIENT Opera Content-Length header integer overflow attempt (web-client.rules, High)
17044 <-> SQL WinCC DB default password security bypass attempt (sql.rules, High)