Sourcefire VRT Rules Update
Date: 2008-10-20
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.
The format of the file is:
sid - Message (rule group)
New rules:
14741 <-> EXPLOIT Symantec Veritas Foundation Service NULL service authentication attempt (exploit.rules)
14742 <-> SPECIFIC-THREATS Exchange MODPROPS denial of service PoC attempt (specific-threats.rules)
14743 <-> FTP Rhino Software Serv-U Server RNTO directory traversal attempt (ftp.rules)
14744 <-> WEB-CLIENT Hummingbird HostExplorer ActiveX clsid access (web-client.rules)
14745 <-> WEB-CLIENT Hummingbird HostExplorer ActiveX clsid unicode access (web-client.rules)
14746 <-> WEB-CLIENT Autodesk DWF Viewer ActiveX clsid access (web-client.rules)
14747 <-> WEB-CLIENT Autodesk DWF Viewer ActiveX clsid unicode access (web-client.rules)
14748 <-> WEB-CLIENT Autodesk LiveUpdate ActiveX clsid access (web-client.rules)
14749 <-> WEB-CLIENT Autodesk LiveUpdate ActiveX clsid unicode access (web-client.rules)
14750 <-> WEB-CLIENT Autodesk LiveUpdate ActiveX function call access (web-client.rules)
14751 <-> WEB-CLIENT Autodesk LiveUpdate ActiveX function call unicode access (web-client.rules)
14752 <-> WEB-CLIENT Novell ZENworks Desktop Management ActiveX clsid access (web-client.rules)
14753 <-> WEB-CLIENT Novell ZENworks Desktop Management ActiveX clsid unicode access (web-client.rules)
14754 <-> WEB-CLIENT Novell ZENworks Desktop Management ActiveX function call access (web-client.rules)
14755 <-> WEB-CLIENT Novell ZENworks Desktop Management ActiveX function call unicode access (web-client.rules)
14756 <-> WEB-CLIENT Microsoft SQL Server 2000 Client Components ActiveX clsid access (web-client.rules)
14757 <-> WEB-CLIENT Microsoft SQL Server 2000 Client Components ActiveX clsid unicode access (web-client.rules)
14758 <-> WEB-CLIENT Microsoft SQL Server 2000 Client Components ActiveX function call access (web-client.rules)
14759 <-> WEB-CLIENT Microsoft SQL Server 2000 Client Components ActiveX function call unicode access (web-client.rules)
14760 <-> WEB-CLIENT iseemedia LPViewer ActiveX clsid access (web-client.rules)
14761 <-> WEB-CLIENT iseemedia LPViewer ActiveX clsid unicode access (web-client.rules)
14762 <-> WEB-CLIENT iseemedia LPViewer ActiveX function call access (web-client.rules)
14763 <-> WEB-CLIENT iseemedia LPViewer ActiveX function call unicode access (web-client.rules)
14764 <-> WEB-CLIENT Macrovision InstallShield Update Service Agent ActiveX clsid access (web-client.rules)
14765 <-> WEB-CLIENT Macrovision InstallShield Update Service Agent ActiveX clsid unicode access (web-client.rules)
14766 <-> WEB-CLIENT Macrovision InstallShield Update Service Agent ActiveX function call access (web-client.rules)
14767 <-> WEB-CLIENT Macrovision InstallShield Update Service Agent ActiveX function call unicode access (web-client.rules)
14768 <-> MISC Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (misc.rules)
14769 <-> EXPLOIT DATAC RealWin SCADA System FC_INFOTAG/SET_CONTROL buffer overflow attempt (exploit.rules)
14770 <-> FTP IPswitch WS_FTP client format string attempt (ftp.rules)
14771 <-> WEB-MISC BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow (web-misc.rules)

Updated rules:
2381 <-> WEB-MISC alternate schema overflow attempt (web-misc.rules)
2446 <-> EXPLOIT ICQ SRV_MULTI/SRV_META_USER overflow attempt (exploit.rules)
9813 <-> EXPLOIT Symantec NetBackup connect_options buffer overflow attempt (exploit.rules)
9845 <-> WEB-CLIENT M3U File Download Detected (web-client.rules)
9846 <-> WEB-CLIENT VLC Media Player udp URI format string attempt - multipacket (web-client.rules)
11222 <-> SMTP Exchange MODPROPS denial of service attempt (smtp.rules)
12043 <-> DOS Microsoft XML parser IIS WebDAV attack attempt (dos.rules)
12202 <-> SPECIFIC-THREATS Ingres long message heap buffer overflow attempt (specific-threats.rules)
13916 <-> EXPLOIT Alt-N SecurityGateway username buffer overflow attempt (exploit.rules)
14017 <-> WEB-CLIENT MPEG Layer 3 playlist file request (web-client.rules)
14018 <-> WEB-CLIENT PLS multimedia playlist file request (web-client.rules)
