Sourcefire VRT Rules Update

Date: 2011-04-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.3.

The format of the file is:

sid - Message (rule group, priority)

New rules:
18604 <-> SPECIFIC-THREATS lizamoon script injection (specific-threats.rules, Low)

Updated rules:
13989 <-> SQL large number of calls to char function - possible sql injection obfuscation (sql.rules, High)
16707 <-> MYSQL Sun MySQL mysql_log COM_CREATE_DB format string vulnerability exploit attempt (mysql.rules, High)
16708 <-> MYSQL Sun MySQL mysql_log COM_DROP_DB format string vulnerability exploit attempt (mysql.rules, High)
17111 <-> WEB-CLIENT known JavaScript obfuscation routine (web-client.rules, High)
17484 <-> DNS squid proxy dns PTR record response denial of service attempt (dns.rules, Medium)