Sourcefire VRT Rules Update

Date: 2011-03-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.3.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
18556 <-> WEB-MISC Symantec IM manager IMAdminReportTrendFormRun.asp sql injection attempt (web-misc.rules, High)
18557 <-> RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (rpc.rules, High)
18558 <-> RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (rpc.rules, High)
18559 <-> WEB-MISC HP OpenView Performance Insight Server backdoor account code execution attempt (web-misc.rules, High)
18560 <-> WEB-MISC HP OpenView Performance Insight Server backdoor account code execution attempt (web-misc.rules, High)
18561 <-> WEB-CLIENT Apple QuickTime PICT file overread buffer overflow attempt (web-client.rules, High)

Updated rules:
3461 <-> SMTP Content-Type overflow attempt (smtp.rules, High)
6414 <-> WEB-MISC Novell GroupWise Messenger Accept-Language header buffer overflow attempt (web-misc.rules, High)
7033 <-> POLICY GoToMyPC local service running (policy.rules, High)
7034 <-> POLICY GoToMyPC remote control attempt (policy.rules, High)
16820 <-> BOTNET-CNC known command and control channel traffic (botnet-cnc.rules, High)
17543 <-> SPECIFIC-THREATS Microsoft Excel Column record handling memory corruption attempt (specific-threats.rules, High)
18315 <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 overflow attempt (netbios.rules, High)
18316 <-> DELETED SPECIFIC-THREATS NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 attempt (deleted.rules, Low)