Sourcefire VRT Rules Update

Date: 2011-09-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.0.5.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:20179 <-> ENABLED <-> WEB-MISC HP OpenView NNM ovlogin.exe CGI userid parameter buffer overflow attempt (web-misc.rules)
 * 1:20177 <-> ENABLED <-> WEB-MISC HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt (web-misc.rules)
 * 1:20180 <-> ENABLED <-> WEB-MISC HP OpenView NNM ovlogin.exe CGI passwd parameter buffer overflow attempt (web-misc.rules)
 * 1:20175 <-> DISABLED <-> WEB-ACTIVEX Microsoft Remote Desktop Client ActiveX clsid access (web-activex.rules)
 * 1:20176 <-> ENABLED <-> SCADA DAQFactory NETB protcol stack overflow attempt (scada.rules)
 * 1:20173 <-> DISABLED <-> SCADA Cogent DataHub server-side information disclosure (scada.rules)
 * 1:20174 <-> DISABLED <-> SCADA Cogent DataHub server-side information disclosure (scada.rules)
 * 1:20172 <-> DISABLED <-> POLICY Metastock mwl file download (policy.rules)
 * 1:20178 <-> ENABLED <-> SCADA RSLogix rna protocol denial of service attempt (scada.rules)

Modified Rules:


 * 1:20094 <-> DISABLED <-> POLICY IRC message on non-standard port (policy.rules)
 * 1:20093 <-> DISABLED <-> POLICY IRC channel notice on non-standard port (policy.rules)
 * 1:20092 <-> DISABLED <-> POLICY IRC channel join on non-standard port (policy.rules)
 * 1:20090 <-> DISABLED <-> POLICY IRC DCC file transfer request on non-standard port (policy.rules)
 * 1:20091 <-> DISABLED <-> POLICY IRC DCC chat request on non-standard port (policy.rules)
 * 1:20089 <-> DISABLED <-> POLICY IRC nick change on non-standard port (policy.rules)
 * 1:20095 <-> DISABLED <-> POLICY IRC dns request on non-standard port (policy.rules)