Sourcefire VRT Rules Update

Date: 2009-07-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid - Message (rule group, priority)

New rules:
15696 <-> SPECIFIC-THREATS Mozilla Firefox 3.5 TraceMonkey JavaScript engine uninitialized memory corruption attempt (specific-threats.rules, High)
15697 <-> WEB-CLIENT Generic javascript obfuscation attempt (web-client.rules, High)
15698 <-> WEB-CLIENT Possible generic javascript heap spray attempt (web-client.rules, High)
15699 <-> SPECIFIC-THREATS Mozilla Firefox 3.5 Mozilla Firefox 3.5 unicode stack overflow attempt (specific-threats.rules, High)

Updated rules:
 241 <-> DDOS shaft synflood (ddos.rules, Medium)
 275 <-> DOS NAPTHA (deleted.rules, Medium)
 523 <-> BAD-TRAFFIC ip reserved bit set (bad-traffic.rules, Low)
 526 <-> BAD-TRAFFIC data in TCP SYN packet (deleted.rules, Low)
 528 <-> BAD-TRAFFIC loopback traffic (deleted.rules, Medium)
1322 <-> BAD-TRAFFIC bad frag bits (deleted.rules, Low)
1431 <-> BAD-TRAFFIC syn to multicast address (deleted.rules, Medium)
15678 <-> SPECIFIC-THREATS Microsoft DirectShow ActiveX exploit via JavaScript (specific-threats.rules, High)
15679 <-> SPECIFIC-THREATS Microsoft DirectShow ActiveX exploit via JavaScript - unicode encoding (specific-threats.rules, High)