Sourcefire VRT Rules Update

Date: 2012-11-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.3.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:24753 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24754 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24752 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24731 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24732 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24728 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24730 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24749 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24748 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24747 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24743 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24776 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access (browser-plugins.rules)
 * 1:24742 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24770 <-> DISABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24771 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes buffer overflow ActiveX clsid access (browser-plugins.rules)
 * 1:24767 <-> ENABLED <-> SERVER-WEBAPP Novell File Reporter FSFUI request directory traversal attempt (server-webapp.rules)
 * 1:24769 <-> DISABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24766 <-> ENABLED <-> SERVER-WEBAPP Novell File Reporter SRS request arbitrary file download attempt (server-webapp.rules)
 * 1:24765 <-> ENABLED <-> SERVER-WEBAPP Novell File Reporter SRS request heap overflow attempt (server-webapp.rules)
 * 1:24764 <-> ENABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24760 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24759 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24757 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24756 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24755 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24745 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24744 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24773 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes buffer overflow ActiveX clsid access (browser-plugins.rules)
 * 1:24741 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice arbitrary file deletion attempt (server-webapp.rules)
 * 1:24775 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX function call access (browser-plugins.rules)
 * 1:24746 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24777 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX function call access (browser-plugins.rules)
 * 1:24750 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24751 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24758 <-> ENABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24729 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24763 <-> ENABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules)
 * 1:24738 <-> ENABLED <-> EXPLOIT EMC AutoStart ftAgent.exe integer overflow attempt (exploit.rules)
 * 1:24768 <-> DISABLED <-> SERVER-OTHER RealPlayer Helix rn5auth credential overflow attempt (server-other.rules)
 * 1:24736 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24737 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24735 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24734 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24772 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes buffer overflow ActiveX function call access (browser-plugins.rules)
 * 1:24733 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
 * 1:24774 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access (browser-plugins.rules)
 * 1:24739 <-> DISABLED <-> SERVER-OTHER Gimp Script-Fu server buffer overflow attempt (server-other.rules)

Modified Rules:

 * 1:16192 <-> ENABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:16445 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 ack response denial of service attempt (protocol-voip.rules)
 * 1:17531 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file JVTCompEncodeFrame heap overflow attempt (file-multimedia.rules)
 * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:16006 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime color table id memory corruption attempt (file-multimedia.rules)
 * 1:9430 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie link file URI security bypass attempt (file-multimedia.rules)
 * 1:9429 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie link scripting security bypass attempt (file-multimedia.rules)
 * 1:24719 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules)
 * 1:24700 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules)
 * 1:24491 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules)
 * 1:24699 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules)
 * 1:24111 <-> DISABLED <-> BLACKLIST User-Agent known malicious user agent - Post (blacklist.rules)
 * 1:23806 <-> DISABLED <-> FILE-OTHER Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt (file-other.rules)
 * 1:23581 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules)
 * 1:23170 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules)
 * 1:21342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom cprt field attempt (file-multimedia.rules)
 * 1:22954 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (file-office.rules)
 * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:20158 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Server default credentials login attempt (server-webapp.rules)