Snort

Sourcefire VRT Update

Date: 2006-10-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
8426 <-> Enabled  <-> WEB-MISC SSLv2 openssl get shared ciphers overflow attempt (web-misc.rules)
8427 <-> Enabled  <-> WEB-MISC SSLv3 openssl get shared ciphers overflow attempt (web-misc.rules)
8428 <-> Enabled  <-> WEB-MISC SSLv2 openssl get shared ciphers overflow attempt (web-misc.rules)
8429 <-> Enabled  <-> POP3 SSLv2 openssl get shared ciphers overflow attempt (pop3.rules)
8430 <-> Enabled  <-> POP3 SSLv3 openssl get shared ciphers overflow attempt (pop3.rules)
8431 <-> Enabled  <-> POP3 SSLv2 openssl get shared ciphers overflow attempt (pop3.rules)
8432 <-> Enabled  <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8433 <-> Enabled  <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8434 <-> Enabled  <-> SMTP SSLv3 openssl get shared ciphers overflow attempt (smtp.rules)
8435 <-> Enabled  <-> SMTP SSLv3 openssl get shared ciphers overflow attempt (smtp.rules)
8436 <-> Enabled  <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8437 <-> Enabled  <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8438 <-> Enabled  <-> IMAP SSLv2 openssl get shared ciphers overflow attempt (imap.rules)
8439 <-> Enabled  <-> IMAP SSLv3 openssl get shared ciphers overflow attempt (imap.rules)
8440 <-> Enabled  <-> IMAP SSLv2 openssl get shared ciphers overflow attempt (imap.rules)
8441 <-> Enabled  <-> WEB-MISC McAfee header buffer overflow attempt (web-misc.rules)
8442 <-> Enabled  <-> SMTP Mozilla regular expression heap corruption attempt (smtp.rules)
8443 <-> Disabled <-> WEB-CLIENT Mozilla regular expression heap corruption attempt (web-client.rules)