Sourcefire VRT Rules Update

Date: 2011-11-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.1.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:20543 <-> ENABLED <-> EXPLOIT Microsoft Windows IppRateLimitIcmp integer overflow exploit attempt (exploit.rules)
 * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules)
 * 1:20545 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player SWF embedded font null pointer attempt (specific-threats.rules)
 * 1:20546 <-> ENABLED <-> EXPLOIT BakBone NetVault client heap overflow attempt (exploit.rules)
 * 1:20547 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player overlapping record overflow attempt (specific-threats.rules)
 * 1:20548 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player recursive doaction stack exhaustion (specific-threats.rules)
 * 1:20549 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript bytecode type confusion attempt (specific-threats.rules)
 * 1:20550 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player Mover3D clipping exploit (specific-threats.rules)
 * 1:20551 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player Stage 3D texture format overflow attempt (specific-threats.rules)

Modified Rules:


 * 1:19105 <-> ENABLED <-> EXPLOIT HP Data Protector Manager MMD service buffer overflow attempt (exploit.rules)
 * 1:2435 <-> ENABLED <-> FILE-IDENTIFY Microsoft emf file download request (file-identify.rules)
 * 1:12081 <-> ENABLED <-> EXPLOIT BakBone NetVault server heap overflow attempt (exploit.rules)
 * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detection (file-identify.rules)
 * 1:16475 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v4 file magic detection (file-identify.rules)
 * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detection (file-identify.rules)
 * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detection (file-identify.rules)
 * 1:20507 <-> ENABLED <-> FILE-IDENTIFY shockwave file magic detection (file-identify.rules)
 * 1:20508 <-> ENABLED <-> FILE-IDENTIFY shockwave file magic detection (file-identify.rules)
 * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules)
 * 1:17510 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Deploy file download request (file-identify.rules)
 * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detection (file-identify.rules)
 * 1:15575 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detection (file-identify.rules)
 * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:13926 <-> DISABLED <-> EXPLOIT Novell Groupwise HTTP response message parsing overflow (exploit.rules)
 * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules)
 * 1:12197 <-> DISABLED <-> EXPLOIT CA message queuing server buffer overflow attempt (exploit.rules)
 * 1:20471 <-> DISABLED <-> FILE-IDENTIFY RIFX file magic detection (file-identify.rules)
 * 1:20495 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detection (file-identify.rules)
 * 1:19011 <-> DISABLED <-> WEB-CLIENT Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (web-client.rules)
 * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detection (file-identify.rules)
 * 1:18275 <-> ENABLED <-> FILE-IDENTIFY HyperText Markup Language file download request (file-identify.rules)
 * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules)
 * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detection (file-identify.rules)
 * 1:17407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows help file download request (file-identify.rules)
 * 1:20470 <-> DISABLED <-> FILE-IDENTIFY RIFF file magic detection (file-identify.rules)
 * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:17753 <-> ENABLED <-> MULTIMEDIA Windows Media Player network sharing service RTSP code execution attempt (multimedia.rules)
 * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detection (file-identify.rules)
 * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
 * 1:16008 <-> ENABLED <-> WEB-MISC excessive HTTP 304 Not Modified responses exploit attempt (web-misc.rules)
 * 1:18555 <-> ENABLED <-> MISC VERITAS NetBackup java authentication service format string exploit attempt (misc.rules)
 * 1:18710 <-> ENABLED <-> SPECIFIC-THREATS McAfee ePolicy Orchestrator Framework Services buffer overflow attempt (specific-threats.rules)
 * 1:18632 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel malformed Label record exploit attempt (web-client.rules)
 * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
 * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
 * 1:2922 <-> DISABLED <-> DNS TCP inverse query (dns.rules)