Sourcefire VRT Rules Update

Date: 2008-10-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid <-> Message (rule group)

New rules:
14741 <-> EXPLOIT Symantec Veritas Foundation Service NULL service authentication attempt (exploit.rules)
14742 <-> SPECIFIC-THREATS Exchange MODPROPS denial of service PoC attempt (specific-threats.rules)
14743 <-> FTP Rhino Software Serv-U Server RNTO directory traversal attempt (ftp.rules)
14744 <-> WEB-CLIENT Hummingbird HostExplorer ActiveX clsid access (web-client.rules)
14745 <-> WEB-CLIENT Hummingbird HostExplorer ActiveX clsid unicode access (web-client.rules)
14746 <-> WEB-CLIENT Autodesk DWF Viewer ActiveX clsid access (web-client.rules)
14747 <-> WEB-CLIENT Autodesk DWF Viewer ActiveX clsid unicode access (web-client.rules)
14748 <-> WEB-CLIENT Autodesk LiveUpdate ActiveX clsid access (web-client.rules)
14749 <-> WEB-CLIENT Autodesk LiveUpdate ActiveX clsid unicode access (web-client.rules)
14750 <-> WEB-CLIENT Autodesk LiveUpdate ActiveX function call access (web-client.rules)
14751 <-> WEB-CLIENT Autodesk LiveUpdate ActiveX function call unicode access (web-client.rules)
14752 <-> WEB-CLIENT Novell ZENworks Desktop Management ActiveX clsid access (web-client.rules)
14753 <-> WEB-CLIENT Novell ZENworks Desktop Management ActiveX clsid unicode access (web-client.rules)
14754 <-> WEB-CLIENT Novell ZENworks Desktop Management ActiveX function call access (web-client.rules)
14755 <-> WEB-CLIENT Novell ZENworks Desktop Management ActiveX function call unicode access (web-client.rules)
14756 <-> WEB-CLIENT Microsoft SQL Server 2000 Client Components ActiveX clsid access (web-client.rules)
14757 <-> WEB-CLIENT Microsoft SQL Server 2000 Client Components ActiveX clsid unicode access (web-client.rules)
14758 <-> WEB-CLIENT Microsoft SQL Server 2000 Client Components ActiveX function call access (web-client.rules)
14759 <-> WEB-CLIENT Microsoft SQL Server 2000 Client Components ActiveX function call unicode access (web-client.rules)
14760 <-> WEB-CLIENT iseemedia LPViewer ActiveX clsid access (web-client.rules)
14761 <-> WEB-CLIENT iseemedia LPViewer ActiveX clsid unicode access (web-client.rules)
14762 <-> WEB-CLIENT iseemedia LPViewer ActiveX function call access (web-client.rules)
14763 <-> WEB-CLIENT iseemedia LPViewer ActiveX function call unicode access (web-client.rules)
14764 <-> WEB-CLIENT Macrovision InstallShield Update Service Agent ActiveX clsid access (web-client.rules)
14765 <-> WEB-CLIENT Macrovision InstallShield Update Service Agent ActiveX clsid unicode access (web-client.rules)
14766 <-> WEB-CLIENT Macrovision InstallShield Update Service Agent ActiveX function call access (web-client.rules)
14767 <-> WEB-CLIENT Macrovision InstallShield Update Service Agent ActiveX function call unicode access (web-client.rules)
14768 <-> MISC Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (misc.rules)
14769 <-> EXPLOIT DATAC RealWin SCADA System FC_INFOTAG/SET_CONTROL buffer overflow attempt (exploit.rules)
14770 <-> FTP IPswitch WS_FTP client format string attempt (ftp.rules)
14771 <-> WEB-MISC BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow (web-misc.rules)

Updated rules:
2381 <-> WEB-MISC alternate schema overflow attempt (web-misc.rules)
2446 <-> EXPLOIT ICQ SRV_MULTI/SRV_META_USER overflow attempt (exploit.rules)
9813 <-> EXPLOIT Symantec NetBackup connect_options buffer overflow attempt (exploit.rules)
9845 <-> WEB-CLIENT M3U File Download Detected (web-client.rules)
9846 <-> WEB-CLIENT VLC Media Player udp URI format string attempt - multipacket (web-client.rules)
11222 <-> SMTP Exchange MODPROPS denial of service attempt (smtp.rules)
12043 <-> DOS Microsoft XML parser IIS WebDAV attack attempt (dos.rules)
12202 <-> SPECIFIC-THREATS Ingres long message heap buffer overflow attempt (specific-threats.rules)
13916 <-> EXPLOIT Alt-N SecurityGateway username buffer overflow attempt (exploit.rules)
14017 <-> WEB-CLIENT MPEG Layer 3 playlist file request (web-client.rules)
14018 <-> WEB-CLIENT PLS multimedia playlist file request (web-client.rules)