Snort :: Changes 2009-12-17

Sourcefire VRT Rules Update

Date: 2009-12-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid - Message (rule group, priority)

New rules:
16335 <-> WEB-CLIENT xpdf ObjectStream integer overflow (web-client.rules, High)
16336 <-> WEB-CLIENT Blackberry Server PDF JBIG2 numnewsyms remote code execution attempt (web-client.rules, High)
16340 <-> SPECIFIC-THREATS DHTML Editing ActiveX clsid access (specific-threats.rules, High)
16341 <-> EXPLOIT IBM DB2 Database Server invalid data stream denial of service attempt (exploit.rules, Medium)

Updated rules:
15709 <-> WEB-CLIENT Adobe Acrobat and Adobe Reader FlateDecode integer overflow attempt (web-client.rules, High)
16128 <-> DELETED SPYWARE-PUT Keylogger aspy v2.12 runtime detection (deleted.rules, Medium)

Snort

Sourcefire VRT Rules Update

Date: 2009-12-17

Snort Links

Community

Sourcefire