Sourcefire VRT Rules Update
Date: 2010-01-26
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.
The format of the file is:
sid - Message (rule group, priority)
New rules:
16379 <-> WEB-ACTIVEX SAP AG SAPgui sapirrfc ActiveX clsid access (web-activex.rules, High)
16380 <-> WEB-ACTIVEX SAP AG SAPgui sapirrfc ActiveX clsid unicode access (web-activex.rules, High)
16381 <-> NETBIOS SMB session negotiation request (netbios.rules, Low)
16382 <-> WEB-CLIENT HTML+TIME animatemotion property memory corruption attempt (web-client.rules, High)
16383 <-> ORACLE MDSYS drop table trigger injection attempt (oracle.rules, High)
16384 <-> DOS VMware Server ISAPI Extension remote denial of service attempt (dos.rules, Medium)
16385 <-> MYSQL yaSSL library cert parsing stack overflow attempt (mysql.rules, High)

Updated rules:
2056 <-> WEB-MISC TRACE attempt (web-misc.rules, High)
10115 <-> WEB-CLIENT Microsoft WMF denial of service attempt (web-client.rules, High)
11687 <-> WEB-MISC Apache SSI error page cross-site scripting (web-misc.rules, High)
13512 <-> SQL generic sql exec injection attempt - GET parameter (sql.rules, High)
13513 <-> SQL generic sql insert injection atttempt - GET parameter (sql.rules, High)
13514 <-> SQL generic sql update injection attempt - GET parameter (sql.rules, High)
13865 <-> WEB-CLIENT Adobe BMP image handler buffer overflow attempt (web-client.rules, High)
13901 <-> NETBIOS SMB server response heap overflow attempt (netbios.rules, High)
13990 <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules, Medium)
16214 <-> DOS Squid Proxy invalid HTTP response code denial of service attempt (dos.rules, Medium)
16288 <-> SPECIFIC-THREATS Sun Java Runtime AWT setDiffICM stack buffer overflow attempt (specific-threats.rules, High)
16291 <-> WEB-CLIENT Mozilla Network Security Services regexp heap overflow attempt (web-client.rules, High)
