Sourcefire VRT Rules Update

Date: 2013-09-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.4.6.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:27944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onlosecapture memory corruption attempt (browser-ie.rules)
 * 1:27943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onlosecapture memory corruption attempt (browser-ie.rules)
 * 1:27942 <-> ENABLED <-> SERVER-WEBAPP Sophos Web Protection Appliance sblistpack arbitrary command execution attempt (server-webapp.rules)
 * 1:27941 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateDomainControllerServlet directory traversal attempt (server-other.rules)
 * 1:27940 <-> ENABLED <-> SERVER-WEBAPP Django web framework oversized password denial of service attempt (server-webapp.rules)
 * 1:27939 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:20988 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string ZmEu - vulnerability scanner (blacklist.rules)
 * 1:27108 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit malicious jar file downloaded when exe is declared (exploit-kit.rules)
 * 1:16739 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Jukebox playlist file handling heap overflow attempt (file-multimedia.rules)
 * 1:26667 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes playlist overflow attempt (file-multimedia.rules)
 * 1:15472 <-> DISABLED <-> FILE-MULTIMEDIA Multiple MP3 player PLS buffer overflow attempt (file-multimedia.rules)
 * 1:20237 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Jukebox playlist file handling heap overflow attempt (file-multimedia.rules)
 * 1:27777 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:18484 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt (file-multimedia.rules)
 * 1:26724 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt (file-multimedia.rules)