Sourcefire VRT Rules Update

Date: 2012-04-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:
 * 1:21938 <-> ENABLED <-> BACKDOOR RuggedCom default backdoor login attempt (backdoor.rules)
 * 1:21939 <-> ENABLED <-> TELNET RuggedCom telnet initial banner (telnet.rules)
 * 1:21940 <-> ENABLED <-> FILE-IDENTIFY EMF file magic detected (file-identify.rules)

Modified Rules:
 * 1:20726 <-> DISABLED <-> WEB-MISC F-Secure web console username overflow attempt (web-misc.rules)
 * 1:21292 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer style.position use-after-free memory corruption attempt (web-client.rules)
 * 1:2013 <-> DISABLED <-> MISC CVS invalid module response (misc.rules)
 * 1:20249 <-> ENABLED <-> SPECIFIC-THREATS Java Web Start BasicService arbitrary command execution attempt (specific-threats.rules)
 * 1:18928 <-> DISABLED <-> WEB-CLIENT Apple QuickTime streaming debug error logging buffer overflow attempt (web-client.rules)
 * 1:19926 <-> ENABLED <-> WEB-CLIENT Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt (web-client.rules)
 * 1:18477 <-> DISABLED <-> SPECIFIC-THREATS Lotus Notes MIF viewer statement data overflow 2 (specific-threats.rules)
 * 1:18807 <-> DISABLED <-> DOS OpenLDAP Modrdn RDN NULL string denial of service attempt (dos.rules)
 * 1:16671 <-> DISABLED <-> SPECIFIC-THREATS IBM Lotus Domino Web Access ActiveX exploit attempt (specific-threats.rules)
 * 1:17388 <-> DISABLED <-> WEB-CLIENT OpenOffice EMF file EMR record parsing integer overflow attempt (web-client.rules)
 * 1:16591 <-> DISABLED <-> SPECIFIC-THREATS Oracle EasyMail Objects ActiveX exploit attempt (specific-threats.rules)
 * 1:16608 <-> DISABLED <-> SPECIFIC-THREATS HP Mercury Quality Center SPIDERLib ActiveX buffer overflow attempt (specific-threats.rules)
 * 1:16587 <-> DISABLED <-> SPECIFIC-THREATS Symantec multiple products AeXNSConsoleUtilities buffer overflow attempt (specific-threats.rules)
 * 1:21325 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player cross site request forgery attempt (specific-threats.rules)
 * 1:7199 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel label record overflow attempt (file-office.rules)
 * 1:12983 <-> DISABLED <-> WEB-CLIENT Microsoft Windows DirectX SAMI file CRawParser buffer overflow attempt (web-client.rules)
 * 1:15435 <-> DISABLED <-> EXPLOIT IBM Director CIM server consumer name handling denial of service attempt (exploit.rules)
 * 1:14644 <-> DISABLED <-> WEB-CLIENT Microsoft Internet Explorer cross domain unfocusable HTML element (web-client.rules)
 * 1:21347 <-> ENABLED <-> BLACKLIST URI possible Blackhole URL - .php?page= (blacklist.rules)
 * 1:21378 <-> DISABLED <-> EXPLOIT Novell iPrint attributes-natural-language buffer overflow attempt (exploit.rules)
 * 1:20861 <-> DISABLED <-> EXPLOIT Autodesk Maya dangerous scripting method attempt (exploit.rules)
 * 3:20825 <-> ENABLED <-> DOS generic web server hashing collision attack (dos.rules)