Sourcefire VRT Rules Update

Date: 2012-12-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.3.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:24993 <-> DISABLED <-> FILE-OTHER Oracle Java Applet remote code execution attempt (file-other.rules)
 * 1:24991 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24992 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24989 <-> ENABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24990 <-> ENABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24986 <-> ENABLED <-> FILE-FLASH Adobe Flash player index overflow attempt (file-flash.rules)
 * 1:24988 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro v2 UDP flood attempt (malware-other.rules)
 * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe FlashPlayer loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:24985 <-> ENABLED <-> FILE-FLASH Adobe Flash player index overflow attempt (file-flash.rules)
 * 1:24981 <-> ENABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24980 <-> ENABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24998 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24999 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24997 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:25000 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:25001 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant outbound connection (malware-other.rules)
 * 1:24996 <-> DISABLED <-> SERVER-OTHER Free Software Foundation GnuTLS record application integer overflow attempt (server-other.rules)
 * 1:24995 <-> DISABLED <-> SERVER-OTHER Free Software Foundation GnuTLS record application integer overflow attempt (server-other.rules)
 * 1:25002 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant inbound attachment (malware-other.rules)
 * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules)
 * 1:24982 <-> ENABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:25004 <-> DISABLED <-> BROWSER-PLUGINS ClearQuest session stack corruption attempt (browser-plugins.rules)
 * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
 * 1:25005 <-> DISABLED <-> BROWSER-PLUGINS ClearQuest session stack corruption attempt (browser-plugins.rules)
 * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)

Modified Rules:

 * 1:24321 <-> DISABLED <-> SERVER-OTHER HP StorageWorks File Migration Agent buffer overflow attempt (server-other.rules)
 * 1:24480 <-> DISABLED <-> SCADA WellinTech Kingview HMI history server buffer overflow attempt (scada.rules)
 * 1:20622 <-> DISABLED <-> FILE-OTHER Oracle Java Applet remote code execution attempt (file-other.rules)
 * 1:24396 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro UDP flood (malware-other.rules)
 * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:13363 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules)
 * 1:24872 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules)
 * 1:17331 <-> ENABLED <-> SERVER-MAIL IBM Lotus Notes HTML Speed Reader Long URL buffer overflow attempt (server-mail.rules)
 * 1:19873 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules)
 * 1:16674 <-> ENABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:24685 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
 * 1:19938 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules)
 * 1:19957 <-> DISABLED <-> MALWARE-CNC Arabian-Attacker 1.1.0 outbound connection (malware-cnc.rules)
 * 1:24680 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24681 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24684 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24871 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules)
 * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:20288 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer QCP parsing buffer overflow attempt (file-multimedia.rules)
 * 1:24898 <-> DISABLED <-> SERVER-OTHER ABB Multiple Product RobNetScanHost.exe buffer overflow attempt (server-other.rules)