Sourcefire VRT Rules Update

Date: 2008-07-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid - Message (rule group)

New rules:
13923 <-> SMTP MailEnable SMTP HELO command denial of service attempt (smtp.rules)
13924 <-> EXPLOIT Lotus Domino HTTP header overflow attempt (exploit.rules)
13925 <-> FTP Computer Associates eTrust Secure Content Manager PASV stack overflow attempt (ftp.rules)
13926 <-> EXPLOIT Novell Groupwise HTTP response message parsing overflow (exploit.rules)
13927 <-> TFTP Server log generation buffer overflow attempt (tftp.rules)
13928 <-> WEB-MISC Adobe RoboHelp r0 SQL injection attempt (web-misc.rules)
13929 <-> WEB-MISC Adobe RoboHelp rx SQL injection attempt (web-misc.rules)

Updated rules:
 103 <-> BACKDOOR subseven 22 (backdoor.rules)
1002 <-> WEB-IIS cmd.exe access (web-iis.rules)
1661 <-> WEB-IIS cmd32.exe access (web-iis.rules)
12619 <-> EXPLOIT Microsoft Exchange ical/vcal malformed property (exploit.rules)