Talos has added and modified multiple rules in the browser-ie, file-identify, file-image, file-multimedia, file-office, file-other, file-pdf, malware-cnc, os-windows, policy-other, protocol-scada, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51040 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
* 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51020 <-> DISABLED <-> SERVER-WEBAPP XStream void primitive denial of service attempt (server-webapp.rules)
* 1:51019 <-> DISABLED <-> SERVER-OTHER Tiny HTTP server head request denial of service attempt (server-other.rules)
* 1:51018 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules)
* 1:51039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLE32 MSHTA masquerade attempt (os-windows.rules)
* 1:51038 <-> DISABLED <-> BROWSER-IE Microsoft XML core services cross-domain information disclosure attempt (browser-ie.rules)
* 1:51037 <-> DISABLED <-> POLICY-OTHER IGMP membership query attempt (policy-other.rules)
* 1:51036 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (policy-other.rules)
* 1:51035 <-> DISABLED <-> POLICY-OTHER IP option strict source routing attempt (policy-other.rules)
* 1:51034 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (policy-other.rules)
* 1:51033 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Clipbanker file download attempt (malware-cnc.rules)
* 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51030 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Lite buffer overflow attempt (protocol-scada.rules)
* 1:51029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:51028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:51027 <-> DISABLED <-> SERVER-OTHER Novell iManager ASN.1 client hello parsing denial of service attempt (server-other.rules)
* 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:51046 <-> DISABLED <-> SERVER-OTHER PostgreSQL interval stack buffer overflow attempt (server-other.rules)
* 1:51043 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (malware-cnc.rules)
* 1:51042 <-> DISABLED <-> SERVER-OTHER ZeroMQ libzmq pointer overflow attempt (server-other.rules)
* 1:51041 <-> DISABLED <-> SERVER-OTHER LCDproc Server test_func_func stack buffer overflow attempt (server-other.rules)
* 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules)
* 1:51044 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (malware-cnc.rules)
* 1:51047 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51050 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51049 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51048 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51052 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51051 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51053 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51069 <-> DISABLED <-> POLICY-OTHER DHCP broadcast address offer attempt (policy-other.rules)
* 1:51068 <-> DISABLED <-> POLICY-OTHER DHCP multicast address offer attempt (policy-other.rules)
* 1:51067 <-> DISABLED <-> POLICY-OTHER DHCP loopback address offer attempt (policy-other.rules)
* 1:51066 <-> DISABLED <-> POLICY-OTHER TCP SYN packet and URG set attempt (policy-other.rules)
* 1:51065 <-> DISABLED <-> POLICY-OTHER TCP FIN packet and URG set attempt (policy-other.rules)
* 1:51064 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:51063 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:51062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51061 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51060 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51058 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51057 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51056 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51055 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51054 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules)
* 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
* 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
* 1:29871 <-> DISABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules)
* 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
* 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:46375 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules)
* 1:49122 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49123 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49124 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49125 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49291 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
* 1:49292 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
* 1:49557 <-> ENABLED <-> SERVER-WEBAPP Apache Solr jmx.serviceUrl remote code execution attempt (server-webapp.rules)
* 1:50441 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50442 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50443 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50920 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station information disclosure attempt (server-webapp.rules)
* 1:50444 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:51029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51018 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules)
* 1:51019 <-> DISABLED <-> SERVER-OTHER Tiny HTTP server head request denial of service attempt (server-other.rules)
* 1:51020 <-> DISABLED <-> SERVER-WEBAPP XStream void primitive denial of service attempt (server-webapp.rules)
* 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51043 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (malware-cnc.rules)
* 1:51044 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (malware-cnc.rules)
* 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules)
* 1:51046 <-> DISABLED <-> SERVER-OTHER PostgreSQL interval stack buffer overflow attempt (server-other.rules)
* 1:51047 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51030 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Lite buffer overflow attempt (protocol-scada.rules)
* 1:51037 <-> DISABLED <-> POLICY-OTHER IGMP membership query attempt (policy-other.rules)
* 1:51048 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51049 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51050 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51051 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51052 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51053 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51054 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51055 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51056 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51057 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51038 <-> DISABLED <-> BROWSER-IE Microsoft XML core services cross-domain information disclosure attempt (browser-ie.rules)
* 1:51058 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51060 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51069 <-> DISABLED <-> POLICY-OTHER DHCP broadcast address offer attempt (policy-other.rules)
* 1:51068 <-> DISABLED <-> POLICY-OTHER DHCP multicast address offer attempt (policy-other.rules)
* 1:51067 <-> DISABLED <-> POLICY-OTHER DHCP loopback address offer attempt (policy-other.rules)
* 1:51066 <-> DISABLED <-> POLICY-OTHER TCP SYN packet and URG set attempt (policy-other.rules)
* 1:51065 <-> DISABLED <-> POLICY-OTHER TCP FIN packet and URG set attempt (policy-other.rules)
* 1:51064 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:51063 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:51062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51040 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
* 1:51039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLE32 MSHTA masquerade attempt (os-windows.rules)
* 1:51061 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51035 <-> DISABLED <-> POLICY-OTHER IP option strict source routing attempt (policy-other.rules)
* 1:51036 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (policy-other.rules)
* 1:51033 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Clipbanker file download attempt (malware-cnc.rules)
* 1:51034 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (policy-other.rules)
* 1:51041 <-> DISABLED <-> SERVER-OTHER LCDproc Server test_func_func stack buffer overflow attempt (server-other.rules)
* 1:51027 <-> DISABLED <-> SERVER-OTHER Novell iManager ASN.1 client hello parsing denial of service attempt (server-other.rules)
* 1:51042 <-> DISABLED <-> SERVER-OTHER ZeroMQ libzmq pointer overflow attempt (server-other.rules)
* 1:29871 <-> DISABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules)
* 1:49292 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
* 1:49123 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:46375 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules)
* 1:49122 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49124 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49125 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49291 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
* 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
* 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules)
* 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
* 1:50441 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50442 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50443 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50444 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50920 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station information disclosure attempt (server-webapp.rules)
* 1:49557 <-> ENABLED <-> SERVER-WEBAPP Apache Solr jmx.serviceUrl remote code execution attempt (server-webapp.rules)
* 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:51058 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51069 <-> DISABLED <-> POLICY-OTHER DHCP broadcast address offer attempt (policy-other.rules)
* 1:51068 <-> DISABLED <-> POLICY-OTHER DHCP multicast address offer attempt (policy-other.rules)
* 1:51067 <-> DISABLED <-> POLICY-OTHER DHCP loopback address offer attempt (policy-other.rules)
* 1:51066 <-> DISABLED <-> POLICY-OTHER TCP SYN packet and URG set attempt (policy-other.rules)
* 1:51065 <-> DISABLED <-> POLICY-OTHER TCP FIN packet and URG set attempt (policy-other.rules)
* 1:51064 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:51062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51030 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Lite buffer overflow attempt (protocol-scada.rules)
* 1:51063 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:51037 <-> DISABLED <-> POLICY-OTHER IGMP membership query attempt (policy-other.rules)
* 1:51043 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (malware-cnc.rules)
* 1:51044 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (malware-cnc.rules)
* 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules)
* 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:51046 <-> DISABLED <-> SERVER-OTHER PostgreSQL interval stack buffer overflow attempt (server-other.rules)
* 1:51047 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51048 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51049 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51050 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51051 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51052 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51053 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51040 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
* 1:51039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLE32 MSHTA masquerade attempt (os-windows.rules)
* 1:51061 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51036 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (policy-other.rules)
* 1:51034 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (policy-other.rules)
* 1:51035 <-> DISABLED <-> POLICY-OTHER IP option strict source routing attempt (policy-other.rules)
* 1:51033 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Clipbanker file download attempt (malware-cnc.rules)
* 1:51041 <-> DISABLED <-> SERVER-OTHER LCDproc Server test_func_func stack buffer overflow attempt (server-other.rules)
* 1:51027 <-> DISABLED <-> SERVER-OTHER Novell iManager ASN.1 client hello parsing denial of service attempt (server-other.rules)
* 1:51042 <-> DISABLED <-> SERVER-OTHER ZeroMQ libzmq pointer overflow attempt (server-other.rules)
* 1:51054 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51055 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51056 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51057 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51038 <-> DISABLED <-> BROWSER-IE Microsoft XML core services cross-domain information disclosure attempt (browser-ie.rules)
* 1:51028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51019 <-> DISABLED <-> SERVER-OTHER Tiny HTTP server head request denial of service attempt (server-other.rules)
* 1:51020 <-> DISABLED <-> SERVER-WEBAPP XStream void primitive denial of service attempt (server-webapp.rules)
* 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51018 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules)
* 1:51060 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:49291 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
* 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules)
* 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
* 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
* 1:29871 <-> DISABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules)
* 1:46375 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules)
* 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
* 1:49122 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:49292 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
* 1:49557 <-> ENABLED <-> SERVER-WEBAPP Apache Solr jmx.serviceUrl remote code execution attempt (server-webapp.rules)
* 1:50441 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50442 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50443 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50444 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50920 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station information disclosure attempt (server-webapp.rules)
* 1:49124 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49125 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49123 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51037 <-> DISABLED <-> POLICY-OTHER IGMP membership query attempt (policy-other.rules)
* 1:51030 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Lite buffer overflow attempt (protocol-scada.rules)
* 1:51063 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:51062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51064 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:51065 <-> DISABLED <-> POLICY-OTHER TCP FIN packet and URG set attempt (policy-other.rules)
* 1:51066 <-> DISABLED <-> POLICY-OTHER TCP SYN packet and URG set attempt (policy-other.rules)
* 1:51067 <-> DISABLED <-> POLICY-OTHER DHCP loopback address offer attempt (policy-other.rules)
* 1:51068 <-> DISABLED <-> POLICY-OTHER DHCP multicast address offer attempt (policy-other.rules)
* 1:51069 <-> DISABLED <-> POLICY-OTHER DHCP broadcast address offer attempt (policy-other.rules)
* 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51060 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51057 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51058 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51036 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (policy-other.rules)
* 1:51061 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51035 <-> DISABLED <-> POLICY-OTHER IP option strict source routing attempt (policy-other.rules)
* 1:51034 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (policy-other.rules)
* 1:51033 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Clipbanker file download attempt (malware-cnc.rules)
* 1:51043 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (malware-cnc.rules)
* 1:51044 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (malware-cnc.rules)
* 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules)
* 1:51027 <-> DISABLED <-> SERVER-OTHER Novell iManager ASN.1 client hello parsing denial of service attempt (server-other.rules)
* 1:51042 <-> DISABLED <-> SERVER-OTHER ZeroMQ libzmq pointer overflow attempt (server-other.rules)
* 1:51041 <-> DISABLED <-> SERVER-OTHER LCDproc Server test_func_func stack buffer overflow attempt (server-other.rules)
* 1:51040 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
* 1:51039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLE32 MSHTA masquerade attempt (os-windows.rules)
* 1:51046 <-> DISABLED <-> SERVER-OTHER PostgreSQL interval stack buffer overflow attempt (server-other.rules)
* 1:51047 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51048 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:51028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:51019 <-> DISABLED <-> SERVER-OTHER Tiny HTTP server head request denial of service attempt (server-other.rules)
* 1:51020 <-> DISABLED <-> SERVER-WEBAPP XStream void primitive denial of service attempt (server-webapp.rules)
* 1:51018 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules)
* 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51049 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51050 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51051 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51052 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51053 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51054 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51055 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51056 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51038 <-> DISABLED <-> BROWSER-IE Microsoft XML core services cross-domain information disclosure attempt (browser-ie.rules)
* 1:50443 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50920 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station information disclosure attempt (server-webapp.rules)
* 1:50444 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50442 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
* 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
* 1:29871 <-> DISABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules)
* 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:46375 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules)
* 1:49122 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49123 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49124 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49125 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
* 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules)
* 1:49292 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
* 1:50441 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49557 <-> ENABLED <-> SERVER-WEBAPP Apache Solr jmx.serviceUrl remote code execution attempt (server-webapp.rules)
* 1:49291 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (snort3-file-identify.rules)
* 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (snort3-file-pdf.rules)
* 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (snort3-server-webapp.rules)
* 1:51019 <-> DISABLED <-> SERVER-OTHER Tiny HTTP server head request denial of service attempt (snort3-server-other.rules)
* 1:51037 <-> DISABLED <-> POLICY-OTHER IGMP membership query attempt (snort3-policy-other.rules)
* 1:51030 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Lite buffer overflow attempt (snort3-protocol-scada.rules)
* 1:51064 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (snort3-server-other.rules)
* 1:51062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (snort3-file-office.rules)
* 1:51065 <-> DISABLED <-> POLICY-OTHER TCP FIN packet and URG set attempt (snort3-policy-other.rules)
* 1:51066 <-> DISABLED <-> POLICY-OTHER TCP SYN packet and URG set attempt (snort3-policy-other.rules)
* 1:51067 <-> DISABLED <-> POLICY-OTHER DHCP loopback address offer attempt (snort3-policy-other.rules)
* 1:51068 <-> DISABLED <-> POLICY-OTHER DHCP multicast address offer attempt (snort3-policy-other.rules)
* 1:51069 <-> DISABLED <-> POLICY-OTHER DHCP broadcast address offer attempt (snort3-policy-other.rules)
* 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (snort3-server-webapp.rules)
* 1:51018 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (snort3-server-other.rules)
* 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (snort3-server-webapp.rules)
* 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (snort3-file-pdf.rules)
* 1:51042 <-> DISABLED <-> SERVER-OTHER ZeroMQ libzmq pointer overflow attempt (snort3-server-other.rules)
* 1:51027 <-> DISABLED <-> SERVER-OTHER Novell iManager ASN.1 client hello parsing denial of service attempt (snort3-server-other.rules)
* 1:51041 <-> DISABLED <-> SERVER-OTHER LCDproc Server test_func_func stack buffer overflow attempt (snort3-server-other.rules)
* 1:51040 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (snort3-file-multimedia.rules)
* 1:51039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLE32 MSHTA masquerade attempt (snort3-os-windows.rules)
* 1:51036 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (snort3-policy-other.rules)
* 1:51034 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (snort3-policy-other.rules)
* 1:51061 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (snort3-file-office.rules)
* 1:51035 <-> DISABLED <-> POLICY-OTHER IP option strict source routing attempt (snort3-policy-other.rules)
* 1:51033 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Clipbanker file download attempt (snort3-malware-cnc.rules)
* 1:51058 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (snort3-file-other.rules)
* 1:51060 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (snort3-file-office.rules)
* 1:51020 <-> DISABLED <-> SERVER-WEBAPP XStream void primitive denial of service attempt (snort3-server-webapp.rules)
* 1:51059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (snort3-file-office.rules)
* 1:51057 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (snort3-file-other.rules)
* 1:51028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (snort3-os-windows.rules)
* 1:51043 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (snort3-malware-cnc.rules)
* 1:51044 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (snort3-malware-cnc.rules)
* 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (snort3-server-other.rules)
* 1:51046 <-> DISABLED <-> SERVER-OTHER PostgreSQL interval stack buffer overflow attempt (snort3-server-other.rules)
* 1:51047 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (snort3-file-other.rules)
* 1:51048 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (snort3-file-other.rules)
* 1:51049 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (snort3-file-other.rules)
* 1:51050 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (snort3-file-other.rules)
* 1:51051 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (snort3-file-other.rules)
* 1:51052 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (snort3-file-other.rules)
* 1:51053 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (snort3-file-other.rules)
* 1:51054 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (snort3-file-other.rules)
* 1:51055 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (snort3-file-other.rules)
* 1:51056 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (snort3-file-other.rules)
* 1:51038 <-> DISABLED <-> BROWSER-IE Microsoft XML core services cross-domain information disclosure attempt (snort3-browser-ie.rules)
* 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (snort3-server-webapp.rules)
* 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (snort3-server-webapp.rules)
* 1:51063 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (snort3-server-other.rules)
* 1:51029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (snort3-os-windows.rules)
* 1:49124 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (snort3-file-image.rules)
* 1:46375 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (snort3-server-other.rules)
* 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (snort3-server-other.rules)
* 1:50920 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station information disclosure attempt (snort3-server-webapp.rules)
* 1:49123 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (snort3-file-image.rules)
* 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (snort3-file-identify.rules)
* 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (snort3-file-multimedia.rules)
* 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (snort3-server-webapp.rules)
* 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (snort3-file-identify.rules)
* 1:29871 <-> DISABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (snort3-server-oracle.rules)
* 1:49125 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (snort3-file-image.rules)
* 1:49557 <-> ENABLED <-> SERVER-WEBAPP Apache Solr jmx.serviceUrl remote code execution attempt (snort3-server-webapp.rules)
* 1:50441 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (snort3-file-image.rules)
* 1:50442 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (snort3-file-image.rules)
* 1:49291 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (snort3-file-other.rules)
* 1:50443 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (snort3-file-image.rules)
* 1:49122 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (snort3-file-image.rules)
* 1:49292 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (snort3-file-other.rules)
* 1:50444 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (snort3-file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:51030 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Lite buffer overflow attempt (protocol-scada.rules)
* 1:51063 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:51062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51064 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:51065 <-> DISABLED <-> POLICY-OTHER TCP FIN packet and URG set attempt (policy-other.rules)
* 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51066 <-> DISABLED <-> POLICY-OTHER TCP SYN packet and URG set attempt (policy-other.rules)
* 1:51061 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51034 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (policy-other.rules)
* 1:51035 <-> DISABLED <-> POLICY-OTHER IP option strict source routing attempt (policy-other.rules)
* 1:51033 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Clipbanker file download attempt (malware-cnc.rules)
* 1:51067 <-> DISABLED <-> POLICY-OTHER DHCP loopback address offer attempt (policy-other.rules)
* 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51060 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51042 <-> DISABLED <-> SERVER-OTHER ZeroMQ libzmq pointer overflow attempt (server-other.rules)
* 1:51027 <-> DISABLED <-> SERVER-OTHER Novell iManager ASN.1 client hello parsing denial of service attempt (server-other.rules)
* 1:51041 <-> DISABLED <-> SERVER-OTHER LCDproc Server test_func_func stack buffer overflow attempt (server-other.rules)
* 1:51040 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
* 1:51039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLE32 MSHTA masquerade attempt (os-windows.rules)
* 1:51036 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (policy-other.rules)
* 1:51068 <-> DISABLED <-> POLICY-OTHER DHCP multicast address offer attempt (policy-other.rules)
* 1:51069 <-> DISABLED <-> POLICY-OTHER DHCP broadcast address offer attempt (policy-other.rules)
* 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51018 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules)
* 1:51019 <-> DISABLED <-> SERVER-OTHER Tiny HTTP server head request denial of service attempt (server-other.rules)
* 1:51058 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51020 <-> DISABLED <-> SERVER-WEBAPP XStream void primitive denial of service attempt (server-webapp.rules)
* 1:51059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51043 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (malware-cnc.rules)
* 1:51044 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (malware-cnc.rules)
* 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules)
* 1:51046 <-> DISABLED <-> SERVER-OTHER PostgreSQL interval stack buffer overflow attempt (server-other.rules)
* 1:51047 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51048 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51049 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51050 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51051 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51052 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51053 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51054 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51055 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51037 <-> DISABLED <-> POLICY-OTHER IGMP membership query attempt (policy-other.rules)
* 1:51056 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51038 <-> DISABLED <-> BROWSER-IE Microsoft XML core services cross-domain information disclosure attempt (browser-ie.rules)
* 1:51057 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:49124 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
* 1:49292 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
* 1:50443 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
* 1:49123 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules)
* 1:49291 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
* 1:29871 <-> DISABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules)
* 1:49557 <-> ENABLED <-> SERVER-WEBAPP Apache Solr jmx.serviceUrl remote code execution attempt (server-webapp.rules)
* 1:50441 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50442 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50444 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50920 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station information disclosure attempt (server-webapp.rules)
* 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:49125 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:46375 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules)
* 1:49122 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules)
* 1:51029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:51063 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:51037 <-> DISABLED <-> POLICY-OTHER IGMP membership query attempt (policy-other.rules)
* 1:51030 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Lite buffer overflow attempt (protocol-scada.rules)
* 1:51064 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:51065 <-> DISABLED <-> POLICY-OTHER TCP FIN packet and URG set attempt (policy-other.rules)
* 1:51066 <-> DISABLED <-> POLICY-OTHER TCP SYN packet and URG set attempt (policy-other.rules)
* 1:51067 <-> DISABLED <-> POLICY-OTHER DHCP loopback address offer attempt (policy-other.rules)
* 1:51042 <-> DISABLED <-> SERVER-OTHER ZeroMQ libzmq pointer overflow attempt (server-other.rules)
* 1:51068 <-> DISABLED <-> POLICY-OTHER DHCP multicast address offer attempt (policy-other.rules)
* 1:51069 <-> DISABLED <-> POLICY-OTHER DHCP broadcast address offer attempt (policy-other.rules)
* 1:51041 <-> DISABLED <-> SERVER-OTHER LCDproc Server test_func_func stack buffer overflow attempt (server-other.rules)
* 1:51027 <-> DISABLED <-> SERVER-OTHER Novell iManager ASN.1 client hello parsing denial of service attempt (server-other.rules)
* 1:51039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLE32 MSHTA masquerade attempt (os-windows.rules)
* 1:51040 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
* 1:51060 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51033 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Clipbanker file download attempt (malware-cnc.rules)
* 1:51035 <-> DISABLED <-> POLICY-OTHER IP option strict source routing attempt (policy-other.rules)
* 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:51018 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules)
* 1:51036 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (policy-other.rules)
* 1:51061 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51034 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (policy-other.rules)
* 1:51062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:51019 <-> DISABLED <-> SERVER-OTHER Tiny HTTP server head request denial of service attempt (server-other.rules)
* 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51057 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51058 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51043 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (malware-cnc.rules)
* 1:51044 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (malware-cnc.rules)
* 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules)
* 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules)
* 1:51046 <-> DISABLED <-> SERVER-OTHER PostgreSQL interval stack buffer overflow attempt (server-other.rules)
* 1:51047 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51020 <-> DISABLED <-> SERVER-WEBAPP XStream void primitive denial of service attempt (server-webapp.rules)
* 1:51048 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51049 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51050 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51051 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51052 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51053 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51054 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51055 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51056 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules)
* 1:51038 <-> DISABLED <-> BROWSER-IE Microsoft XML core services cross-domain information disclosure attempt (browser-ie.rules)
* 1:51059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
* 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules)
* 1:49292 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
* 1:50920 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station information disclosure attempt (server-webapp.rules)
* 1:49557 <-> ENABLED <-> SERVER-WEBAPP Apache Solr jmx.serviceUrl remote code execution attempt (server-webapp.rules)
* 1:50444 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules)
* 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
* 1:46375 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules)
* 1:49122 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49124 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49125 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49291 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
* 1:50441 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49123 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50442 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:29871 <-> DISABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules)
* 1:50443 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)