Sourcefire VRT Rules Update
Date: 2011-03-22
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.3.
The format of the file is:
sid - Message (rule group, priority)
New rules:
18556 <-> WEB-MISC Symantec IM manager IMAdminReportTrendFormRun.asp sql injection attempt (web-misc.rules, High)
18557 <-> RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (rpc.rules, High)
18558 <-> RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (rpc.rules, High)
18559 <-> WEB-MISC HP OpenView Performance Insight Server backdoor account code execution attempt (web-misc.rules, High)
18560 <-> WEB-MISC HP OpenView Performance Insight Server backdoor account code execution attempt (web-misc.rules, High)
18561 <-> WEB-CLIENT Apple QuickTime PICT file overread buffer overflow attempt (web-client.rules, High)

Updated rules:
3461 <-> SMTP Content-Type overflow attempt (smtp.rules, High)
6414 <-> WEB-MISC Novell GroupWise Messenger Accept-Language header buffer overflow attempt (web-misc.rules, High)
7033 <-> POLICY GoToMyPC local service running (policy.rules, High)
7034 <-> POLICY GoToMyPC remote control attempt (policy.rules, High)
16820 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
17543 <-> SPECIFIC-THREATS Microsoft Excel Column record handling memory corruption attempt (specific-threats.rules, High)
18315 <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 overflow attempt (netbios.rules, High)
18316 <-> DELETED SPECIFIC-THREATS NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 attempt (deleted.rules, Low)
