Sourcefire VRT Rules Update
Date: 2008-11-11
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.
The format of the file is:
sid - Message (rule group)
New rules:
14993 <-> WEB-CLIENT Visagesoft eXPert PDF Viewer ActiveX clsid access (web-client.rules)
14994 <-> WEB-CLIENT Visagesoft eXPert PDF Viewer ActiveX clsid unicode access (web-client.rules)
14995 <-> WEB-CLIENT Visagesoft eXPert PDF Viewer ActiveX function call access (web-client.rules)
14996 <-> WEB-CLIENT Visagesoft eXPert PDF Viewer ActiveX function call unicode access (web-client.rules)
14997 <-> WEB-CLIENT DjVu MSOffice Converter ActiveX clsid access (web-client.rules)
14998 <-> WEB-CLIENT DjVu MSOffice Converter ActiveX clsid unicode access (web-client.rules)
14999 <-> WEB-CLIENT Microsoft Debug Diagnostic Tool ActiveX clsid access (web-client.rules)
15000 <-> WEB-CLIENT Microsoft Debug Diagnostic Tool ActiveX clsid unicode access (web-client.rules)
15001 <-> WEB-CLIENT Microsoft Debug Diagnostic Tool ActiveX function call access (web-client.rules)
15002 <-> WEB-CLIENT Microsoft Debug Diagnostic Tool ActiveX function call unicode access (web-client.rules)
15003 <-> WEB-CLIENT Chilkat Crypt 2 ActiveX clsid access (web-client.rules)
15004 <-> WEB-CLIENT Chilkat Crypt 2 ActiveX clsid unicode access (web-client.rules)
15005 <-> WEB-CLIENT Chilkat Crypt 2 ActiveX function call access (web-client.rules)
15006 <-> WEB-CLIENT Chilkat Crypt 2 ActiveX function call unicode access (web-client.rules)
15007 <-> WEB-CLIENT NOS Microsystems getPlus Download Manager ActiveX clsid access (web-client.rules)
15008 <-> WEB-CLIENT NOS Microsystems getPlus Download Manager ActiveX clsid unicode access (web-client.rules)
15013 <-> WEB-MISC Adobe Portable Document Format file download attempt (web-misc.rules)
15014 <-> WEB-CLIENT Adobe Reader and Acrobat util.printf buffer overflow attempt (web-client.rules)

Updated rules:
3693 <-> WEB-MISC IBM WebSphere j_security_check overflow attempt (web-misc.rules)
6469 <-> EXPLOIT RealVNC connection attempt (exploit.rules)
6470 <-> EXPLOIT RealVNC authentication types sent attempt (exploit.rules)
6471 <-> EXPLOIT RealVNC password authentication bypass vulnerability attempt (exploit.rules)
