Sourcefire VRT Rules Update
Date: 2009-08-18
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.
The format of the file is:
sid - Message (rule group, priority)
New rules:

15865 <-> WEB-CLIENT MP4 file request (web-client.rules, Low)
15866 <-> WEB-CLIENT libxml2 XML file processing long entity name buffer overflow attempt (web-client.rules, High)
15867 <-> WEB-CLIENT Adobe Acrobat PDF font processing memory corruption attempt (web-client.rules, High)
15868 <-> SQL Borland InterBase username buffer overflow (sql.rules, High)
15869 <-> WEB-CLIENT Adobe Flash Player ASnative command execution attempet (web-client.rules, High)
15870 <-> WEB-MISC 4xm file request (web-misc.rules, Low)
15871 <-> WEB-CLIENT FFmpeg 4xm processing memory corruption attempt (web-client.rules, High)
15872 <-> WEB-CLIENT Firefox defineSetter function pointer memory corruption attempt (web-client.rules, High)
15873 <-> WEB-CLIENT Firefox location spoofing via invalid window.open characters (web-client.rules, Medium)
15874 <-> SQL union select - possible sql injection attempt - POST parameter (sql.rules, Medium)
15875 <-> SQL generic sql insert injection atttempt - POST parameter (sql.rules, High)
15876 <-> SQL generic sql update injection attempt - POST parameter (sql.rules, High)
15877 <-> SQL generic sql exec injection attempt - POST parameter (sql.rules, High)

Updated rules:

2348 <-> DELETED NETBIOS SMB-DS DCERPC print spool bind attempt (deleted.rules, Low)
3550 <-> WEB-CLIENT HTML http/https scheme hostname overflow attempt (web-client.rules, High)
9827 <-> SPYWARE-PUT Keylogger paq keylog runtime detection - smtp (spyware-put.rules, Medium)
11836 <-> MISC Visio version number anomaly (misc.rules, Low)
13316 <-> WEB-CLIENT 3ivx MP4 file parsing ART buffer overflow attempt (web-client.rules, High)
13317 <-> WEB-CLIENT 3ivx MP4 file parsing nam buffer overflow attempt (web-client.rules, High)
13318 <-> WEB-CLIENT 3ivx MP4 file parsing cmt buffer overflow attempt (web-client.rules, High)
13319 <-> WEB-CLIENT 3ivx MP4 file parsing des buffer overflow attempt (web-client.rules, High)
13320 <-> WEB-CLIENT 3ivx MP4 file parsing cpy buffer overflow attempt (web-client.rules, High)
13512 <-> SQL generic sql exec injection attempt - GET parameter (sql.rules, High)
13513 <-> SQL generic sql insert injection atttempt - GET parameter (sql.rules, High)
13514 <-> SQL generic sql update injection attempt - GET parameter (sql.rules, High)
13990 <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules, Medium)
15168 <-> POLICY Suspicious .ru dns query (policy.rules, High)
15479 <-> EXPLOIT RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (exploit.rules, High)
15486 <-> DELETED BACKDOOR Kraken command and control server search attempt (deleted.rules, High)
15491 <-> EXPLOIT Subversion 1.0.2 dated-rev-report buffer overflow attempt (exploit.rules, High)
