Sourcefire VRT Rules Update

Date: 2012-11-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.3.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:
 * 1:24714 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules)
 * 1:24715 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules)
 * 1:24712 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules)
 * 1:24713 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules)
 * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24711 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules)
 * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules)
 * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
 * 1:24706 <-> DISABLED <-> SERVER-WEBAPP Netop Remote Control dws file buffer overflow attempt (server-webapp.rules)
 * 1:24707 <-> DISABLED <-> SERVER-WEBAPP Netop Remote Control dws file buffer overflow attempt (server-webapp.rules)
 * 1:24705 <-> ENABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules)
 * 1:24703 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24704 <-> ENABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules)
 * 1:24701 <-> ENABLED <-> FILE-OTHER Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-other.rules)
 * 1:24702 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24699 <-> DISABLED <-> FILE-MULTIMEDIA apple quicktime text track descriptors heap buffer overflow attempt (file-multimedia.rules)
 * 1:24700 <-> DISABLED <-> FILE-MULTIMEDIA apple quicktime text track descriptors heap buffer overflow attempt (file-multimedia.rules)
 * 1:24698 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules)
 * 1:24696 <-> DISABLED <-> RPC EMC Networker nsrindexd.exe procedure 0x01 buffer overflow attempt (rpc.rules)
 * 1:24697 <-> ENABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules)
 * 1:24692 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX clsid access (browser-plugins.rules)
 * 1:24695 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file opcode corruption attempt (file-image.rules)
 * 1:24694 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file opcode corruption attempt (file-image.rules)
 * 1:24693 <-> ENABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:24686 <-> ENABLED <-> SERVER-OTHER HP StorageWorks file migration agent buffer overflow attempt (server-other.rules)
 * 1:24691 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX clsid access (browser-plugins.rules)
 * 1:24690 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX clsid access (browser-plugins.rules)
 * 1:24689 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX function call access (browser-plugins.rules)
 * 1:24688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:24687 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
 * 1:24685 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24682 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24683 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24680 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24678 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24679 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24677 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix server open PDU denial of service attempt (server-other.rules)
 * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
 * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
 * 1:24681 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24684 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
 * 1:24727 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules)
 * 1:24726 <-> DISABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX function call access (browser-plugins.rules)
 * 1:24725 <-> DISABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX clsid access (browser-plugins.rules)
 * 1:24724 <-> DISABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX function call access (browser-plugins.rules)
 * 1:24723 <-> DISABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX clsid access (browser-plugins.rules)
 * 1:24722 <-> DISABLED <-> FILE-PDF Adobe Reader empty object page tree node reference attempt (file-pdf.rules)
 * 1:24721 <-> DISABLED <-> FILE-PDF Adobe Reader empty object page tree node reference attempt (file-pdf.rules)
 * 1:24720 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP keypad button message denial of service attempt (protocol-voip.rules)
 * 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules)
 * 1:24718 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules)
 * 1:24717 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules)
 * 1:24716 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules)

Modified Rules:
 * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
 * 1:24395 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro TCP flood (malware-other.rules)
 * 1:20612 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Java AJP connector invalid header timeout DOS attempt (server-apache.rules)
 * 1:21522 <-> DISABLED <-> SERVER-APACHE Apache Struts parameters interceptor remote code execution attempt (server-apache.rules)
 * 1:16674 <-> ENABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:17601 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox file type memory corruption attempt (browser-firefox.rules)