Sourcefire VRT Rules Update

Date: 2011-12-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:20813 <-> ENABLED <-> TELNET FreeBSD telnetd dec_keyid overflow attempt (telnet.rules)
 * 1:20812 <-> ENABLED <-> TELNET FreeBSD telnetd enc_keyid overflow attempt (telnet.rules)
 * 1:20811 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)
 * 1:20810 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)
 * 1:20809 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)
 * 1:20808 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)
 * 1:20807 <-> ENABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20806 <-> ENABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20805 <-> ENABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20804 <-> ENABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:20803 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript callMethod type confusion attempt (specific-threats.rules)

Modified Rules:


 * 1:20131 <-> ENABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript callMethod type confusion attempt (specific-threats.rules)
 * 1:20766 <-> ENABLED <-> SMTP Microsoft Internet Explorer contenteditable corruption attempt (smtp.rules)
 * 1:19237 <-> ENABLED <-> WEB-CLIENT Microsoft Internet Explorer contenteditable corruption attempt (web-client.rules)