Snort :: Changes 2009-02-20

Sourcefire VRT Rules Update

Date: 2009-02-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.
The format of the file is:
sid - Message (rule group, priority)
Updated rules:
13901 <-> NETBIOS SMB server response heap overflow attempt (netbios.rules, High)
15143 <-> SQL sp_replwritetovarbin unicode vulnerable function attempt (sql.rules, High)
15144 <-> SQL sp_replwritetovarbin vulnerable function attempt (sql.rules, High)
15319 <-> NETBIOS-DG SMB /sql/query create tree attempt (netbios.rules, Low)
15320 <-> NETBIOS-DG SMB /sql/query unicode create tree attempt (netbios.rules, Low)
15321 <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules, Low)
15322 <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules, Low)
15323 <-> NETBIOS-DG SMB /sql/query andx create tree attempt (netbios.rules, Low)
15324 <-> NETBIOS-DG SMB /sql/query unicode andx create tree attempt (netbios.rules, Low)
15325 <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules, Low)
15326 <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules, Low)

New rules:
15307 <-> WEB-ACTIVEX Microsoft Animation Control ActiveX clsid access (web-activex.rules, High)
15308 <-> WEB-ACTIVEX Microsoft Animation Control ActiveX clsid unicode access (web-activex.rules, High)
15309 <-> WEB-ACTIVEX Microsoft Animation Control ActiveX function call access (web-activex.rules, High)
15310 <-> WEB-ACTIVEX Microsoft Animation Control ActiveX function call unicode access (web-activex.rules, High)
15311 <-> WEB-ACTIVEX Research In Motion AxLoader ActiveX clsid access (web-activex.rules, High)
15312 <-> WEB-ACTIVEX Research In Motion AxLoader ActiveX clsid unicode access (web-activex.rules, High)
15313 <-> WEB-ACTIVEX Research In Motion AxLoader ActiveX function call access (web-activex.rules, High)
15314 <-> WEB-ACTIVEX Research In Motion AxLoader ActiveX function call unicode access (web-activex.rules, High)
15315 <-> WEB-ACTIVEX Akamai DownloadManager ActiveX clsid access (web-activex.rules, High)
15316 <-> WEB-ACTIVEX Akamai DownloadManager ActiveX clsid unicode access (web-activex.rules, High)
15317 <-> WEB-ACTIVEX Akamai DownloadManager ActiveX function call access (web-activex.rules, High)
15318 <-> WEB-ACTIVEX Akamai DownloadManager ActiveX function call unicode access (web-activex.rules, High)
15330 <-> WEB-ACTIVEX Nokia Phoenix Service 1 ActiveX clsid access (web-activex.rules, High)
15331 <-> WEB-ACTIVEX Nokia Phoenix Service 1 ActiveX clsid unicode access (web-activex.rules, High)
15332 <-> WEB-ACTIVEX Nokia Phoenix Service 2 ActiveX clsid access (web-activex.rules, High)
15333 <-> WEB-ACTIVEX Nokia Phoenix Service 2 ActiveX clsid unicode access (web-activex.rules, High)
15334 <-> WEB-ACTIVEX GeoVision LiveX 7000 ActiveX clsid access (web-activex.rules, High)
15335 <-> WEB-ACTIVEX GeoVision LiveX 7000 ActiveX clsid unicode access (web-activex.rules, High)
15336 <-> WEB-ACTIVEX GeoVision LiveX 7000 ActiveX function call access (web-activex.rules, High)
15337 <-> WEB-ACTIVEX GeoVision LiveX 7000 ActiveX function call unicode access (web-activex.rules, High)
15338 <-> WEB-ACTIVEX GeoVision LiveX 8120 ActiveX clsid access (web-activex.rules, High)
15339 <-> WEB-ACTIVEX GeoVision LiveX 8120 ActiveX clsid unicode access (web-activex.rules, High)
15340 <-> WEB-ACTIVEX GeoVision LiveX 8120 ActiveX function call access (web-activex.rules, High)
15341 <-> WEB-ACTIVEX GeoVision LiveX 8120 ActiveX function call unicode access (web-activex.rules, High)
15342 <-> WEB-ACTIVEX GeoVision LiveX 8200 ActiveX clsid access (web-activex.rules, High)
15343 <-> WEB-ACTIVEX GeoVision LiveX 8200 ActiveX clsid unicode access (web-activex.rules, High)
15344 <-> WEB-ACTIVEX GeoVision LiveX 8200 ActiveX function call access (web-activex.rules, High)
15345 <-> WEB-ACTIVEX GeoVision LiveX 8200 ActiveX function call unicode access (web-activex.rules, High)
15346 <-> WEB-ACTIVEX Synactis ALL In-The-Box ActiveX clsid access (web-activex.rules, High)
15347 <-> WEB-ACTIVEX Synactis ALL In-The-Box ActiveX clsid unicode access (web-activex.rules, High)
15348 <-> WEB-ACTIVEX Synactis ALL In-The-Box ActiveX function call access (web-activex.rules, High)
15349 <-> WEB-ACTIVEX Synactis ALL In-The-Box ActiveX function call unicode access (web-activex.rules, High)
15350 <-> WEB-ACTIVEX Web on Windows ActiveX clsid access (web-activex.rules, High)
15351 <-> WEB-ACTIVEX Web on Windows ActiveX clsid unicode access (web-activex.rules, High)
15352 <-> WEB-ACTIVEX Web on Windows ActiveX function call access (web-activex.rules, High)
15353 <-> WEB-ACTIVEX Web on Windows ActiveX function call unicode access (web-activex.rules, High)
15356 <-> SMTP Adobe PDF JBIG2 remote code execution attempt (smtp.rules, High)
15357 <-> WEB-CLIENT Adobe PDF JBIG2 remote code execution attempt (web-client.rules, High)
Snort

Sourcefire VRT Rules Update

Date: 2009-02-20

Snort Links

Community

Sourcefire
