Sourcefire VRT Rules Update
Date: 2009-03-31
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.
The format of the file is:
sid - Message (rule group, priority)
New rules:
14896 <-> NETBIOS-DG SMB v4 srvsvc NetrpPathCononicalize unicode path cononicalization stack overflow attempt (netbios.rules, High)
15434 <-> WEB-MISC HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (web-misc.rules, High)
15435 <-> EXPLOIT IBM Director CIM server consumer name handling denial of service attempt (exploit.rules, Medium)
15436 <-> EXPLOIT IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (exploit.rules, High)
15437 <-> EXPLOIT IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (exploit.rules, High)
15438 <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules, High)
15439 <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules, High)
15440 <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules, High)
15441 <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules, High)
15442 <-> MYSQL XML Functions ExtractValue Scalar XPath denial of service attempt (mysql.rules, Medium)
15443 <-> MYSQL XML Functions UpdateXML Scalar XPath denial of service attempt (mysql.rules, Medium)
15444 <-> WEB-MISC Core Audio Format file download attempt (web-misc.rules, Low)
15445 <-> ORACLE Oracle Application Server BPEL module cross site scripting attempt (oracle.rules, High)
15446 <-> WEB-MISC Novell eDirectory management console Accept-Language buffer overflow attempt (web-misc.rules, High)
15447 <-> WEB-CLIENT Firefox XML parser memory corruption attempt (web-client.rules, High)

Updated rules:
7070 <-> WEB-MISC encoded cross site scripting attempt (web-misc.rules, High)
12856 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX andx object call overflow attempt (netbios.rules, High)
12857 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX andx overflow attempt (netbios.rules, High)
12858 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian andx object call overflow attempt (netbios.rules, High)
12859 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian andx overflow attempt (netbios.rules, High)
12860 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian object call overflow attempt (netbios.rules, High)
12861 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian overflow attempt (netbios.rules, High)
12862 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX object call overflow attempt (netbios.rules, High)
12863 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX overflow attempt (netbios.rules, High)
12864 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode andx object call overflow attempt (netbios.rules, High)
12865 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode andx overflow attempt (netbios.rules, High)
12866 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian andx object call overflow attempt (netbios.rules, High)
12867 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian andx overflow attempt (netbios.rules, High)
12868 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian object call overflow attempt (netbios.rules, High)
12869 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian overflow attempt (netbios.rules, High)
12870 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode object call overflow attempt (netbios.rules, High)
12871 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode overflow attempt (netbios.rules, High)
12872 <-> NETBIOS SMB spoolss OpenPrinter andx object call overflow attempt (netbios.rules, High)
12873 <-> NETBIOS SMB spoolss OpenPrinter andx overflow attempt (netbios.rules, High)
12874 <-> NETBIOS SMB spoolss OpenPrinter little endian andx object call overflow attempt (netbios.rules, High)
12875 <-> NETBIOS SMB spoolss OpenPrinter little endian andx overflow attempt (netbios.rules, High)
12876 <-> NETBIOS SMB spoolss OpenPrinter little endian object call overflow attempt (netbios.rules, High)
12877 <-> NETBIOS SMB spoolss OpenPrinter little endian overflow attempt (netbios.rules, High)
12878 <-> NETBIOS SMB spoolss OpenPrinter object call overflow attempt (netbios.rules, High)
12879 <-> NETBIOS SMB spoolss OpenPrinter overflow attempt (netbios.rules, High)
12880 <-> NETBIOS SMB spoolss OpenPrinter unicode andx object call overflow attempt (netbios.rules, High)
12881 <-> NETBIOS SMB spoolss OpenPrinter unicode andx overflow attempt (netbios.rules, High)
12882 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian andx object call overflow attempt (netbios.rules, High)
12883 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian andx overflow attempt (netbios.rules, High)
12884 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian object call overflow attempt (netbios.rules, High)
12885 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian overflow attempt (netbios.rules, High)
12886 <-> NETBIOS SMB spoolss OpenPrinter unicode object call overflow attempt (netbios.rules, High)
12887 <-> NETBIOS SMB spoolss OpenPrinter unicode overflow attempt (netbios.rules, High)
12888 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX andx overflow attempt (netbios.rules, High)
12889 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX little endian andx overflow attempt (netbios.rules, High)
12890 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX little endian overflow attempt (netbios.rules, High)
12891 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX overflow attempt (netbios.rules, High)
12892 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode andx overflow attempt (netbios.rules, High)
12893 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode little endian andx overflow attempt (netbios.rules, High)
12894 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode little endian overflow attempt (netbios.rules, High)
12895 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode overflow attempt (netbios.rules, High)
12896 <-> NETBIOS SMB v4 spoolss OpenPrinter andx overflow attempt (netbios.rules, High)
12897 <-> NETBIOS SMB v4 spoolss OpenPrinter little endian andx overflow attempt (netbios.rules, High)
12898 <-> NETBIOS SMB v4 spoolss OpenPrinter little endian overflow attempt (netbios.rules, High)
12899 <-> NETBIOS SMB v4 spoolss OpenPrinter overflow attempt (netbios.rules, High)
12900 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode andx overflow attempt (netbios.rules, High)
12901 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode little endian andx overflow attempt (netbios.rules, High)
12902 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode little endian overflow attempt (netbios.rules, High)
12903 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode overflow attempt (netbios.rules, High)
12946 <-> NETBIOS SMB-DS SMBv2 protocol negotiation attempt (netbios.rules, High)
12947 <-> NETBIOS SMB SMBv2 protocol negotiation attempt (netbios.rules, High)
13162 <-> NETBIOS SMB v4 spoolss EnumPrinters overflow attempt (netbios.rules, High)
13163 <-> NETBIOS SMB v4 spoolss EnumPrinters little endian overflow attempt (netbios.rules, High)
13164 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX overflow attempt (netbios.rules, High)
13165 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX little endian overflow attempt (netbios.rules, High)
13166 <-> NETBIOS SMB v4 spoolss EnumPrinters unicode overflow attempt (netbios.rules, High)
13167 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX unicode overflow attempt (netbios.rules, High)
13168 <-> NETBIOS SMB v4 spoolss EnumPrinters unicode little endian overflow attempt (netbios.rules, High)
13169 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX unicode little endian overflow attempt (netbios.rules, High)
13170 <-> NETBIOS SMB spoolss EnumPrinters WriteAndX unicode andx object call overflow attempt (netbios.rules, High)
13171 <-> NETBIOS SMB spoolss EnumPrinters WriteAndX unicode andx overflow attempt (netbios.rules, High)
13172 <-> NETBIOS SMB spoolss EnumPrinters WriteAndX unicode little endian andx object call overflow attempt (netbios.rules, High)
13173 <-> NETBIOS SMB spoolss EnumPrinters WriteAndX unicode little endian andx overflow attempt (netbios.rules, High)
13174 <-> NETBIOS SMB spoolss EnumPrinters WriteAndX unicode little endian object call overflow attempt (netbios.rules, High)
13175 <-> NETBIOS SMB spoolss EnumPrinters WriteAndX unicode overflow attempt (netbios.rules, High)
13176 <-> NETBIOS SMB spoolss EnumPrinters WriteAndX unicode object call overflow attempt (netbios.rules, High)
13177 <-> NETBIOS SMB spoolss EnumPrinters WriteAndX unicode overflow attempt (netbios.rules, High)
13178 <-> NETBIOS SMB spoolss EnumPrinters object call overflow attempt (netbios.rules, High)
13179 <-> NETBIOS SMB spoolss EnumPrinters WriteAndX object call overflow attempt (netbios.rules, High)
13180 <-> NETBIOS SMB spoolss EnumPrinters little endian object call overflow attempt (netbios.rules, High)
13181 <-> NETBIOS SMB spoolss EnumPrinters WriteAndX little endian object call overflow attempt (netbios.rules, High)
13182 <-> NETBIOS SMB spoolss EnumPrinters unicode object call overflow attempt (netbios.rules, High)
13183 <-> NETBIOS SMB spoolss EnumPrinters WriteAndX unicode object call overflow attempt (netbios.rules, High)
13184 <-> NETBIOS SMB spoolss EnumPrinters unicode little endian object call overflow attempt (netbios.rules, High)
13185 <-> NETBIOS SMB spoolss EnumPrinters WriteAndX unicode little endian object call overflow attempt (netbios.rules, High)
13186 <-> NETBIOS SMB v4 spoolss EnumPrinters andx overflow attempt (netbios.rules, High)
13187 <-> NETBIOS SMB v4 spoolss EnumPrinters little endian andx overflow attempt (netbios.rules, High)
13188 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX andx overflow attempt (netbios.rules, High)
13189 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX little endian andx overflow attempt (netbios.rules, High)
13190 <-> NETBIOS SMB v4 spoolss EnumPrinters unicode andx overflow attempt (netbios.rules, High)
13191 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX unicode andx overflow attempt (netbios.rules, High)
13192 <-> NETBIOS SMB v4 spoolss EnumPrinters unicode little endian andx overflow attempt (netbios.rules, High)
13193 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX unicode little endian andx overflow attempt (netbios.rules, High)
13194 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX andx overflow attempt (netbios.rules, High)
13195 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX little endian andx overflow attempt (netbios.rules, High)
13196 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX little endian overflow attempt (netbios.rules, High)
13197 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX overflow attempt (netbios.rules, High)
13198 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX unicode andx overflow attempt (netbios.rules, High)
13199 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX unicode little endian andx overflow attempt (netbios.rules, High)
13200 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX unicode little endian overflow attempt (netbios.rules, High)
13201 <-> NETBIOS SMB v4 spoolss EnumPrinters WriteAndX unicode overflow attempt (netbios.rules, High)
13202 <-> NETBIOS SMB v4 spoolss EnumPrinters andx overflow attempt (netbios.rules, High)
13203 <-> NETBIOS SMB v4 spoolss EnumPrinters little endian andx overflow attempt (netbios.rules, High)
13204 <-> NETBIOS SMB v4 spoolss EnumPrinters little endian overflow attempt (netbios.rules, High)
13205 <-> NETBIOS SMB v4 spoolss EnumPrinters overflow attempt (netbios.rules, High)
13206 <-> NETBIOS SMB v4 spoolss EnumPrinters unicode andx overflow attempt (netbios.rules, High)
13207 <-> NETBIOS SMB v4 spoolss EnumPrinters unicode little endian andx overflow attempt (netbios.rules, High)
13208 <-> NETBIOS SMB v4 spoolss EnumPrinters unicode little endian overflow attempt (netbios.rules, High)
13209 <-> NETBIOS SMB v4 spoolss EnumPrinters unicode overflow attempt (netbios.rules, High)
13512 <-> SQL generic sql exec injection attempt (sql.rules, High)
13513 <-> SQL generic sql insert injection atttempt (sql.rules, High)
13514 <-> SQL generic sql update injection attempt (sql.rules, High)
14025 <-> WEB-ACTIVEX Computer Associates gui_cm_ctrls ActiveX clsid access (web-activex.rules, High)
14026 <-> WEB-ACTIVEX Computer Associates gui_cm_ctrls ActiveX clsid unicode access (web-activex.rules, High)
14029 <-> WEB-ACTIVEX Computer Associates gui_cm_ctrls ActiveX clsid access (web-activex.rules, High)
14030 <-> WEB-ACTIVEX Computer Associates gui_cm_ctrls ActiveX clsid unicode access (web-activex.rules, High)
14031 <-> WEB-ACTIVEX Computer Associates gui_cm_ctrls ActiveX function call access (web-activex.rules, High)
14032 <-> WEB-ACTIVEX Computer Associates gui_cm_ctrls ActiveX function call unicode access (web-activex.rules, High)
15431 <-> SPECIFIC-THREATS Firefox 3 xsl parsing heap overflow attempt (specific-threats.rules, High)
