CVE-2014-9295: A coding deficiency exists in NTP that may lead to remote code execution.
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 32890.
The VRT has also added and modified multiple rules in the browser-plugins, file-flash, file-multimedia, file-other and server-other rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd configure buffer overflow attempt (server-other.rules)
* 1:32897 <-> ENABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
* 1:32896 <-> ENABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
* 1:32895 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
* 1:32893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection attempt (malware-cnc.rules)
* 1:32892 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection attempt (malware-cnc.rules)
* 1:32891 <-> ENABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
* 1:32898 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules)
* 1:32899 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules)
* 1:32894 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
* 1:32900 <-> DISABLED <-> FILE-FLASH Adobe Flash pepper player 307 redirect custom header cross domain policy evasion attempt (file-flash.rules)
* 1:32508 <-> ENABLED <-> FILE-OTHER Oracle Java SE GSUB FeatureCount Buffer Overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:32897 <-> ENABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
* 1:32898 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules)
* 1:32895 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
* 1:32896 <-> ENABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
* 1:32894 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
* 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd configure buffer overflow attempt (server-other.rules)
* 1:32892 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection attempt (malware-cnc.rules)
* 1:32893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection attempt (malware-cnc.rules)
* 1:32891 <-> ENABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
* 1:32900 <-> DISABLED <-> FILE-FLASH Adobe Flash pepper player 307 redirect custom header cross domain policy evasion attempt (file-flash.rules)
* 1:32899 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules)
* 1:32508 <-> ENABLED <-> FILE-OTHER Oracle Java SE GSUB FeatureCount Buffer Overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:32900 <-> DISABLED <-> FILE-FLASH Adobe Flash pepper player 307 redirect custom header cross domain policy evasion attempt (file-flash.rules)
* 1:32899 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules)
* 1:32898 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules)
* 1:32897 <-> ENABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
* 1:32896 <-> ENABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
* 1:32895 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
* 1:32894 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
* 1:32893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection attempt (malware-cnc.rules)
* 1:32892 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection attempt (malware-cnc.rules)
* 1:32891 <-> ENABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
* 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd configure buffer overflow attempt (server-other.rules)
* 1:32508 <-> ENABLED <-> FILE-OTHER Oracle Java SE GSUB FeatureCount Buffer Overflow attempt (file-other.rules)
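The "gid:sid <-> Default rule state <-> Message (rule group)" format above, parsed so an operator can list which new rules ship DISABLED (the CVE-2014-9295 rule, 1:32890, is one of them and alerts on nothing until it is turned on) and which default states differ between two packs. This is an added example written for this page, not a Sourcefire or Snort tool; the sample lines are copied from the 2956 list, and PACK_LOCAL is a constructed variant, not a released pack.

```python
import re
from typing import Dict, List, Tuple

# One entry per rule: "* gid:sid <-> STATE <-> MESSAGE (group.rules)"
RULE_LINE = re.compile(
    r"^\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+\.rules)\)\s*$"
)

def parse_rule_line(line: str) -> Dict[str, object]:
    """Split one release-notes line into its fields; reject anything else."""
    m = RULE_LINE.match(line.strip())
    if not m:
        raise ValueError(f"not a rule line: {line!r}")
    return {
        "gid": int(m["gid"]), "sid": int(m["sid"]),
        "enabled": m["state"] == "ENABLED",
        "msg": m["msg"], "group": m["group"],
    }

def parse_rule_pack(text: str) -> Dict[str, Dict[str, object]]:
    """Parse a whole list, keyed by 'gid:sid' so two packs can be compared."""
    rules: Dict[str, Dict[str, object]] = {}
    for line in text.splitlines():
        if line.lstrip().startswith("*"):
            r = parse_rule_line(line)
            rules[f"{r['gid']}:{r['sid']}"] = r
    return rules

def disabled_by_default(pack: Dict[str, Dict[str, object]]) -> List[str]:
    """Rules that ship DISABLED: coverage exists but produces no alerts until enabled."""
    return sorted(k for k, r in pack.items() if not r["enabled"])

def state_changes(old: Dict[str, Dict[str, object]],
                  new: Dict[str, Dict[str, object]]) -> List[Tuple[str, bool, bool]]:
    """(gid:sid, old_enabled, new_enabled) for rules present in both packs with a changed default."""
    return [(k, old[k]["enabled"], new[k]["enabled"])
            for k in sorted(old) if k in new and old[k]["enabled"] != new[k]["enabled"]]

# Lines copied from the 2956 list on this page.
PACK_2956 = """\
* 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd configure buffer overflow attempt (server-other.rules)
* 1:32893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection attempt (malware-cnc.rules)
* 1:32898 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules)
"""
# Constructed variant (not a released pack): the NTP rule switched on, to exercise state_changes().
PACK_LOCAL = PACK_2956.replace("1:32890 <-> DISABLED", "1:32890 <-> ENABLED")

if __name__ == "__main__":
    base = parse_rule_pack(PACK_2956)
    print("disabled by default:", disabled_by_default(base))
    print("state changes:", state_changes(base, parse_rule_pack(PACK_LOCAL)))
```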