Sourcefire VRT Rules Update

Date: 2009-10-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
16147 <-> SPECIFIC-THREATS Microsoft IIS malformed URL .dll denial of service attempt (specific-threats.rules, Medium)
16148 <-> SPECIFIC-THREATS Apple QuickTime and iTunes heap memory corruption attempt (specific-threats.rules, High)
16159 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 1 ActiveX clsid access (web-activex.rules, High)
16160 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 1 ActiveX clsid unicode access (web-activex.rules, High)
16161 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 2 ActiveX clsid access (web-activex.rules, High)
16162 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 2 ActiveX clsid unicode access (web-activex.rules, High)
16163 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 3 ActiveX clsid access (web-activex.rules, High)
16164 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 3 ActiveX clsid unicode access (web-activex.rules, High)
16165 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 4 ActiveX clsid access (web-activex.rules, High)
16166 <-> WEB-ACTIVEX Microsoft Excel Add-in for SQL Analysis Services 4 ActiveX clsid unicode access (web-activex.rules, High)

Updated rules:
1973 <-> FTP MKD overflow attempt (ftp.rules, High)
2374 <-> FTP NLST overflow attempt (ftp.rules, High)
6700 <-> WEB-CLIENT Malformed PNG detected tEXt overflow attempt (web-client.rules, High)
15472 <-> WEB-CLIENT Nullsoft Winamp pls file player name handling buffer overflow attempt (web-client.rules, High)
15638 <-> WEB-ACTIVEX Microsoft Video 32 ActiveX clsid access (web-activex.rules, High)
15639 <-> WEB-ACTIVEX Microsoft Video 32 ActiveX clsid unicode access (web-activex.rules, High)
15670 <-> WEB-ACTIVEX Microsoft Video 6 ActiveX clsid access (web-activex.rules, High)
15671 <-> WEB-ACTIVEX Microsoft Video 6 ActiveX clsid unicode access (web-activex.rules, High)
15904 <-> WEB-ACTIVEX Microsoft Video 6 ActiveX function call access (web-activex.rules, High)
15905 <-> WEB-ACTIVEX Microsoft Video 6 ActiveX function call unicode access (web-activex.rules, High)
15930 <-> NETBIOS Microsoft Windows SMB malformed process ID high field remote code execution attempt (netbios.rules, Medium)
15932 <-> FTP LIST globbing denial of service attack (ftp.rules, Medium)