Talos has added and modified multiple rules in the file-image, os-other, protocol-ftp, server-mysql and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59687 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59688 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59689 <-> DISABLED <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt (server-other.rules)
* 1:59690 <-> DISABLED <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt (protocol-ftp.rules)
* 1:59691 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59692 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59693 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59694 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59695 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59696 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt (server-other.rules)
* 1:59697 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59698 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59699 <-> DISABLED <-> SERVER-WEBAPP Magento PHP object injection attempt (server-webapp.rules)
* 1:51333 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51334 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59697 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59693 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59699 <-> DISABLED <-> SERVER-WEBAPP Magento PHP object injection attempt (server-webapp.rules)
* 1:59694 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59689 <-> DISABLED <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt (server-other.rules)
* 1:59698 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59687 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59688 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59691 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59690 <-> DISABLED <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt (protocol-ftp.rules)
* 1:59695 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59696 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt (server-other.rules)
* 1:59692 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:51333 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51334 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59693 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59699 <-> DISABLED <-> SERVER-WEBAPP Magento PHP object injection attempt (server-webapp.rules)
* 1:59690 <-> DISABLED <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt (protocol-ftp.rules)
* 1:59691 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59698 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59687 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59689 <-> DISABLED <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt (server-other.rules)
* 1:59695 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59692 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59694 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59696 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt (server-other.rules)
* 1:59697 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59688 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:51333 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51334 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59698 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59695 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59699 <-> DISABLED <-> SERVER-WEBAPP Magento PHP object injection attempt (server-webapp.rules)
* 1:59697 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59691 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59689 <-> DISABLED <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt (server-other.rules)
* 1:59696 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt (server-other.rules)
* 1:59687 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59690 <-> DISABLED <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt (protocol-ftp.rules)
* 1:59694 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59692 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59693 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59688 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:51333 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51334 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59698 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59689 <-> DISABLED <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt (server-other.rules)
* 1:59691 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59687 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59699 <-> DISABLED <-> SERVER-WEBAPP Magento PHP object injection attempt (server-webapp.rules)
* 1:59694 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59690 <-> DISABLED <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt (protocol-ftp.rules)
* 1:59693 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59695 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59697 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59696 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt (server-other.rules)
* 1:59692 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59688 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:51333 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51334 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59695 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59694 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59697 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59696 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt (server-other.rules)
* 1:59687 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59698 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59689 <-> DISABLED <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt (server-other.rules)
* 1:59693 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59699 <-> DISABLED <-> SERVER-WEBAPP Magento PHP object injection attempt (server-webapp.rules)
* 1:59691 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59690 <-> DISABLED <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt (protocol-ftp.rules)
* 1:59688 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59692 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:51333 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51334 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59698 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59697 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59699 <-> DISABLED <-> SERVER-WEBAPP Magento PHP object injection attempt (server-webapp.rules)
* 1:59692 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59695 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59688 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59689 <-> DISABLED <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt (server-other.rules)
* 1:59696 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt (server-other.rules)
* 1:59694 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59690 <-> DISABLED <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt (protocol-ftp.rules)
* 1:59693 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59691 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59687 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:51333 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51334 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59690 <-> DISABLED <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt (protocol-ftp.rules)
* 1:59693 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59695 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59688 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59691 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59689 <-> DISABLED <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt (server-other.rules)
* 1:59699 <-> DISABLED <-> SERVER-WEBAPP Magento PHP object injection attempt (server-webapp.rules)
* 1:59687 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59692 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59694 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59697 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59698 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59696 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt (server-other.rules)
* 1:51333 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51334 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59689 <-> DISABLED <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt (server-other.rules)
* 1:59690 <-> DISABLED <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt (protocol-ftp.rules)
* 1:59698 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59693 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59687 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59694 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59699 <-> DISABLED <-> SERVER-WEBAPP Magento PHP object injection attempt (server-webapp.rules)
* 1:59697 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59688 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59696 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt (server-other.rules)
* 1:59692 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59691 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59695 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:51333 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51334 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59699 <-> DISABLED <-> SERVER-WEBAPP Magento PHP object injection attempt (server-webapp.rules)
* 1:59698 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59688 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59696 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt (server-other.rules)
* 1:59697 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59692 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59693 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59691 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59687 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59689 <-> DISABLED <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt (server-other.rules)
* 1:59690 <-> DISABLED <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt (protocol-ftp.rules)
* 1:59694 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59695 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:51333 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51334 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:300092 <-> ENABLED <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt (snort3-server-other.rules)
* 1:300093 <-> ENABLED <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt (snort3-protocol-ftp.rules)
* 1:300099 <-> ENABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt (snort3-server-other.rules)
* 1:300095 <-> ENABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (snort3-server-mysql.rules)
* 1:300102 <-> ENABLED <-> SERVER-WEBAPP Magento PHP object injection attempt (snort3-server-webapp.rules)
* 1:300096 <-> ENABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (snort3-server-mysql.rules)
* 1:300090 <-> ENABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (snort3-server-other.rules)
* 1:300098 <-> ENABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (snort3-server-mysql.rules)
* 1:300094 <-> ENABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (snort3-server-other.rules)
* 1:300097 <-> ENABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (snort3-server-mysql.rules)
* 1:300091 <-> ENABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (snort3-server-other.rules)
* 1:300100 <-> ENABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (snort3-file-image.rules)
* 1:300101 <-> ENABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (snort3-file-image.rules)
* 1:51898 <-> ENABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (snort3-os-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:59697 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59688 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59691 <-> DISABLED <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt (server-other.rules)
* 1:59687 <-> DISABLED <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt (server-other.rules)
* 1:59699 <-> DISABLED <-> SERVER-WEBAPP Magento PHP object injection attempt (server-webapp.rules)
* 1:59689 <-> DISABLED <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt (server-other.rules)
* 1:59696 <-> DISABLED <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt (server-other.rules)
* 1:59690 <-> DISABLED <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt (protocol-ftp.rules)
* 1:59694 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59695 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59692 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:59698 <-> DISABLED <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt (file-image.rules)
* 1:59693 <-> DISABLED <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt (server-mysql.rules)
* 1:51333 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51334 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300090 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300091 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300092 <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt
* 1:300093 <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt
* 1:300094 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:300095 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300096 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300097 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300098 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300099 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt
* 1:300100 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300101 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300102 <-> SERVER-WEBAPP Magento PHP object injection attempt
* 1:51898 <-> OS-OTHER Cisco Nexus OS software command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300090 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300091 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300092 <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt
* 1:300093 <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt
* 1:300094 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:300095 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300096 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300097 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300098 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300099 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt
* 1:300100 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300101 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300102 <-> SERVER-WEBAPP Magento PHP object injection attempt
* 1:51898 <-> OS-OTHER Cisco Nexus OS software command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300090 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300091 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300092 <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt
* 1:300093 <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt
* 1:300094 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:300095 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300096 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300097 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300098 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300099 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt
* 1:300100 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300101 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300102 <-> SERVER-WEBAPP Magento PHP object injection attempt
* 1:51898 <-> OS-OTHER Cisco Nexus OS software command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300090 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300091 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300092 <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt
* 1:300093 <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt
* 1:300094 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:300095 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300096 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300097 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300098 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300099 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt
* 1:300100 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300101 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300102 <-> SERVER-WEBAPP Magento PHP object injection attempt
* 1:51898 <-> OS-OTHER Cisco Nexus OS software command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300090 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300091 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300092 <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt
* 1:300093 <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt
* 1:300094 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:300095 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300096 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300097 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300098 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300099 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt
* 1:300100 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300101 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300102 <-> SERVER-WEBAPP Magento PHP object injection attempt
* 1:51898 <-> OS-OTHER Cisco Nexus OS software command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300090 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300091 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300092 <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt
* 1:300093 <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt
* 1:300094 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:300095 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300096 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300097 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300098 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300099 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt
* 1:300100 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300101 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300102 <-> SERVER-WEBAPP Magento PHP object injection attempt
* 1:51898 <-> OS-OTHER Cisco Nexus OS software command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300090 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300091 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300092 <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt
* 1:300093 <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt
* 1:300094 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:300095 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300096 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300097 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300098 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300099 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt
* 1:300100 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300101 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300102 <-> SERVER-WEBAPP Magento PHP object injection attempt
* 1:51898 <-> OS-OTHER Cisco Nexus OS software command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300090 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300091 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300092 <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt
* 1:300093 <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt
* 1:300094 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:300095 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300096 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300097 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300098 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300099 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt
* 1:300100 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300101 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300102 <-> SERVER-WEBAPP Magento PHP object injection attempt
* 1:51898 <-> OS-OTHER Cisco Nexus OS software command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300090 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300091 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300092 <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt
* 1:300093 <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt
* 1:300094 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:300095 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300096 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300097 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300098 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300099 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt
* 1:300100 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300101 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300102 <-> SERVER-WEBAPP Magento PHP object injection attempt
* 1:51898 <-> OS-OTHER Cisco Nexus OS software command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300090 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300091 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300092 <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt
* 1:300093 <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt
* 1:300094 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:300095 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300096 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300097 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300098 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300099 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt
* 1:300100 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300101 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300102 <-> SERVER-WEBAPP Magento PHP object injection attempt
* 1:51898 <-> OS-OTHER Cisco Nexus OS software command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300090 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300091 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300092 <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt
* 1:300093 <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt
* 1:300094 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:300095 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300096 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300097 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300098 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300099 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt
* 1:300100 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300101 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300102 <-> SERVER-WEBAPP Magento PHP object injection attempt
* 1:51898 <-> OS-OTHER Cisco Nexus OS software command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300090 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300091 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300092 <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt
* 1:300093 <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt
* 1:300094 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:300095 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300096 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300097 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300098 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300099 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt
* 1:300100 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300101 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300102 <-> SERVER-WEBAPP Magento PHP object injection attempt
* 1:51898 <-> OS-OTHER Cisco Nexus OS software command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300090 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300091 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300092 <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt
* 1:300093 <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt
* 1:300094 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:300095 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300096 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300097 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300098 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300099 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt
* 1:300100 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300101 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300102 <-> SERVER-WEBAPP Magento PHP object injection attempt
* 1:51898 <-> OS-OTHER Cisco Nexus OS software command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300090 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300091 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300092 <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt
* 1:300093 <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt
* 1:300094 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:300095 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300096 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300097 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300098 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300099 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt
* 1:300100 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300101 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300102 <-> SERVER-WEBAPP Magento PHP object injection attempt
* 1:51898 <-> OS-OTHER Cisco Nexus OS software command injection attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300090 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300091 <-> SERVER-OTHER Symantec Messaging Gateway default ssh credentials use attempt
* 1:300092 <-> SERVER-OTHER Advantech Webaccess BwPAlarm.dll buffer overflow attempt
* 1:300093 <-> PROTOCOL-FTP Attachmate Reflection FTP client buffer overflow attempt
* 1:300094 <-> SERVER-OTHER Quagga BGP Daemon bgp_update_receive double free attempt
* 1:300095 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300096 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300097 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300098 <-> SERVER-MYSQL Dell OpenManage Network Manager remote code execution attempt
* 1:300099 <-> SERVER-OTHER HP Enterprise Intelligent Management Center dbman opcode 10010 arbitrary file write attempt
* 1:300100 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300101 <-> FILE-IMAGE Apple CUPS gif_read_lzw heap buffer overflow attempt
* 1:300102 <-> SERVER-WEBAPP Magento PHP object injection attempt
* 1:51898 <-> OS-OTHER Cisco Nexus OS software command injection attempt