Sourcefire VRT Rules Update
Date: 2007-11-13
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.
The format of the file is:
sid - Message (rule group)
New rules:
12707 <-> WEB-CLIENT RealNetworks RealPlayer lyrics heap overflow attempt (web-client.rules)
12708 <-> RPC MIT Kerberos kadmind auth buffer overflow attempt (rpc.rules)
12709 <-> SPECIFIC-THREATS ASN.1 constructed bit string (specific-threats.rules)
12710 <-> SPECIFIC-THREATS ASN.1 constructed bit string (specific-threats.rules)
12711 <-> WEB-MISC Apache Tomcat WebDAV system tag remote file disclosure attempt (web-misc.rules)
12712 <-> SNMP oversized sysName set request (snmp.rules)
12713 <-> ORACLE pitrig_dropmetadata buffer overflow attempt (oracle.rules)

Updated rules:
5804 <-> DELETED SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - ads (deleted.rules)
5932 <-> SPYWARE-PUT Adware cashbar runtime detection - stats track (spyware-put.rules)
11968 <-> VOIP-SIP Inbound INVITE Message (voip.rules)
11973 <-> VOIP-SIP Via Header Hostname Buffer Overflow Attempt (voip.rules)
12643 <-> WEB-CLIENT URI External handler arbitrary command attempt (web-client.rules)
12680 <-> VOIP-SIP Via Header Hostname Buffer Overflow Attempt - TCP (voip.rules)
12687 <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 url handling code execution attempt (web-client.rules)
12688 <-> WEB-CLIENT Microsoft Windows ShellExecute and IE7 url handling code execution attempt (web-client.rules)
