Sourcefire VRT Rules Update

Date: 2009-06-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
15553 <-> SPECIFIC-THREATS Sality virus HTTP GET request (specific-threats.rules, High)
15554 <-> ORACLE Oracle Application Server 10g OPMN service format string vulnerability exploit attempt (oracle.rules, High)
15555 <-> EXPLOIT Symantec Alert Management System Intel Alert Originator Service buffer overflow attempt (exploit.rules, High)
15556 <-> EXPLOIT Symantec Alert Management System Intel File Transfer Service arbitrary program execution attempt (oracle.rules, High)
15557 <-> WEB-ACTIVEX SAP AG SAPgui EnjoySAP ActiveX clsid access (web-activex.rules, High)
15558 <-> WEB-ACTIVEX SAP AG SAPgui EnjoySAP ActiveX clsid unicode access (web-activex.rules, High)
15559 <-> WEB-CLIENT Apple QuickTime Movie File Clipping Region handling heap buffer overflow attempt (web-client.rules, High)
15560 <-> CHAT Yahoo Messenger web client activity (chat.rules, High)
15561 <-> CHAT AOL Aimexpress web client login (chat.rules, High)
15562 <-> WEB-CLIENT Adobe Reader JPX malformed code-block width attempt (web-client.rules, High)

Updated rules:
13309 <-> DELETED WEB-MISC Apache http server mod_proxy http request crafted date handling denial of service attempt (deleted.rules, Medium)
13310 <-> DELETED WEB-MISC Apache http server mod_proxy http response crafted date handling denial of service attempt (deleted.rules, Medium)
13311 <-> DELETED WEB-MISC Apache http server mod_proxy http response crafted date handling denial of service attempt (deleted.rules, Medium)
13512 <-> SQL generic sql exec injection attempt (sql.rules, High)
13513 <-> SQL generic sql insert injection atttempt (sql.rules, High)
13514 <-> SQL generic sql update injection attempt (sql.rules, High)
15477 <-> EXPLOIT Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (exploit.rules, Medium)