Snort :: Changes 2008-11-04

Sourcefire VRT Rules Update

Date: 2008-11-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid - Message (rule group)

New rules:
14986 <-> SHELLCODE x86 fldz get eip shellcode (shellcode.rules)
14987 <-> NETBIOS SMB netdfs unicode little endian bind attempt (netbios.rules)
14988 <-> NETBIOS SMB netdfs NetrDfsEnum unicode little endian attempt (netbios.rules)
14989 <-> WEB-MISC Novell eDirectory SOAP Accept Language header overflow attempt (web-misc.rules)
14990 <-> WEB-MISC Novell eDirectory SOAP Accept Charset header overflow attempt (web-misc.rules)
14991 <-> SQL IBM DB2 Universal Database xmlquery buffer overflow attempt (sql.rules)
14992 <-> WEB-MISC Openwsman HTTP basic authentication buffer overflow attempt (web-misc.rules)

Updated rules:
2433 <-> WEB-CGI MDaemon form2raw.cgi overflow attempt (web-cgi.rules)

Snort

Sourcefire VRT Rules Update

Date: 2008-11-04

Snort Links

Community

Sourcefire