Sourcefire VRT Rules Update

Date: 2009-12-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
16333 <-> WEB-CLIENT Adobe Reader util.printd memory corruption attempt (web-client.rules, High)
16334 <-> SPECIFIC-THREATS Adobe Reader compressed util.printd memory corruption attempt (specific-threats.rules, High)

Updated rules:
1266 <-> DELETED RPC portmap mountd request TCP (deleted.rules, Medium)
5709 <-> WEB-PHP file upload directory traversal (web-php.rules, Medium)
6045 <-> BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules, High)
6056 <-> BACKDOOR bifrose 1.1 runtime detection (backdoor.rules, High)
7062 <-> DELETED BACKDOOR charon runtime detection - download log flowbit 2 (deleted.rules, High)
7066 <-> BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 (backdoor.rules, High)
7612 <-> DELETED BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 3 (deleted.rules, High)
7618 <-> BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 2 (backdoor.rules, High)
13797 <-> WEB-CLIENT pe compact binary download (web-client.rules, Low)
15434 <-> WEB-MISC HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (web-misc.rules, High)
15874 <-> SQL union select - possible sql injection attempt - POST parameter (sql.rules, Medium)