Sourcefire VRT Rules Update
Date: 2009-02-27
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.
The format of the file is:
sid - Message (rule group, priority)
New rules:
15363 <-> WEB-CLIENT Potential obfuscated javascript eval unescape attack attempt (web-client.rules, Low)
15364 <-> EXPLOIT Ganglia Meta Daemon process_path stack buffer overflow attempt (exploit.rules, High)

Updated rules:
2183 <-> SMTP Content-Transfer-Encoding overflow attempt (smtp.rules, High)
2338 <-> FTP LIST buffer overflow attempt (ftp.rules, Medium)
3461 <-> SMTP Content-Type overflow attempt (smtp.rules, High)
3462 <-> SMTP Content-Encoding overflow attempt (smtp.rules, High)
4060 <-> POLICY RDP attempted administrator connection request (policy.rules, Low)
10010 <-> EXPLOIT Putty Server key exchange buffer overflow attempt (exploit.rules, High)
10135 <-> DOS Squid proxy FTP denial of service attempt (dos.rules, Medium)
11004 <-> IMAP CRAM-MD5 authentication method buffer overflow (imap.rules, High)
11686 <-> SPECIFIC-THREATS WebDAV search overflow attempt (specific-threats.rules, High)
12465 <-> EXPLOIT Apache APR memory corruption attempt (exploit.rules, High)
13292 <-> EXPLOIT Skype skype4com URI handler memory corruption attempt (exploit.rules, High)
13611 <-> EXPLOIT RealVNC client response (exploit.rules, Low)
13612 <-> EXPLOIT RealVNC server authentication bypass attempt (exploit.rules, Low)
13880 <-> EXPLOIT RealVNC server authentication version array check (exploit.rules, Low)
