Sourcefire VRT Rules Update

Date: 2011-01-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.1.

The format of the file is:

sid - Message (rule group, priority)

New rules:
18282 <-> WEB-CLIENT Microsoft Internet Explorer drag-and-drop vulnerability (web-client.rules, High)
18283 <-> SPECIFIC-THREATS Oracle WebLogic Apache Connector buffer overflow attempt (specific-threats.rules, High)
18284 <-> WEB-MISC Microsoft Office XP URL Handling Buffer Overflow attempt (web-misc.rules, High)
18285 <-> NETBIOS BrightStor ARCserve backup tape engine buffer overflow attempt (netbios.rules, High)
18286 <-> SPECIFIC-THREATS Mozilla products element style change memory corruption code execution attempt (specific-threats.rules, High)
18287 <-> SPECIFIC-THREATS Apache Tomcat JK Web Server Connector long URL stack overflow attempt (specific-threats.rules, High)
18288 <-> SCADA RealWin SPC_INITIALIZE oversized packet buffer overflow (scada.rules, High)
18289 <-> SCADA RealWin SPC_INITIALIZE_RF oversized packet buffer overflow (scada.rules, High)
18290 <-> SCADA RealWin SPC_TXTEVENT oversized packet buffer overflow (scada.rules, High)
18291 <-> MISC Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (misc.rules, High)
18292 <-> MISC Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (misc.rules, High)
18293 <-> SPECIFIC-THREATS Secure Backup login.php uname variable based command injection attempt (specific-threats.rules, High)
18294 <-> SPECIFIC-THREATS Apple Safari Webkit floating point buffer overflow attempt (specific-threats.rules, High)
18295 <-> SPECIFIC-THREATS Apple Safari Webkit floating point buffer overflow attempt (specific-threats.rules, High)
18296 <-> SPECIFIC-THREATS Mozilla products frame comment objects manipulation memory corruption attempt (specific-threats.rules, High)

Updated rules:
2349 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters attempt (netbios.rules, Low)
10018 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules, Low)
10030 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules, High)
12198 <-> SNMP MS Windows getbulk request (snmp.rules, High)
13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules, High)
13519 <-> EXPLOIT Citrix MetaFrame IMA buffer overflow attempt (exploit.rules, High)
13523 <-> WEB-ACTIVEX Novell iPrint ActiveX clsid access (web-activex.rules, High)
13525 <-> WEB-ACTIVEX Novell iPrint ActiveX function call access (web-activex.rules, High)
13843 <-> EXPLOIT MaxDB WebDBM get buffer overflow (exploit.rules, High)
14270 <-> WEB-ACTIVEX VieLib2.Vie2Locator ActiveX clsid access (web-activex.rules, High)
14607 <-> EXPLOIT CA Brightstor SUN RPC malformed string buffer overflow attempt (exploit.rules, High)
15434 <-> WEB-MISC HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (web-misc.rules, High)
17232 <-> WEB-CLIENT Microsoft Kodak Imaging large offset malformed tiff - big-endian (web-client.rules, High)