Sourcefire VRT Rules Update

Date: 2011-02-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.4.

The format of the file is:

sid - Message (rule group, priority)

New rules:
18460 <-> WEB-MISC Symantec Alert Management System pin number buffer overflow attempt (web-misc.rules, High)
18461 <-> SMTP IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow Vulnerability (smtp.rules, High)
18462 <-> SPECIFIC-THREATS Microsoft Windows 2003 browser election remote heap overflow attempt (specific-threats.rules, High)

Updated rules:
5910 <-> DELETED SPYWARE-PUT Trackware casalemedia runtime detection (deleted.rules, Medium)
14615 <-> EXPLOIT Sun Java web console format string attempt (exploit.rules, High)
17111 <-> SPECIFIC-THREATS Microsoft Video ActiveX Control stack buffer overflow attempt (specific-threats.rules, High)
18372 <-> BLACKLIST USER-AGENT known malicious user-agent string contype (blacklist.rules, High)