Talos Rules 2015-12-22
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-flash, file-multimedia, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-12-22 23:15:40 UTC

Snort Subscriber Rules Update

Date: 2015-12-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37154 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules)
 * 1:37181 <-> ENABLED <-> FILE-FLASH Adobe Flash Player String null check memory corruption attempt (file-flash.rules)
 * 1:37183 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37180 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37182 <-> ENABLED <-> FILE-FLASH Adobe Flash Player String null check memory corruption attempt (file-flash.rules)
 * 1:37179 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37176 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37177 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37178 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37171 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37175 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37174 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37170 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37161 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37165 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37163 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
 * 1:37160 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37162 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37159 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37155 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules)
 * 1:37156 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37152 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 1:37153 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 1:37151 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 1:37149 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37150 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37189 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37148 <-> DISABLED <-> SERVER-WEBAPP WordPress Gallery Objects Plugin viewid SQL injection attempt (server-webapp.rules)
 * 1:37147 <-> DISABLED <-> SERVER-OTHER Seagate GoFlex Satellite hidden credentials authentication attempt (server-other.rules)
 * 1:37186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37190 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37194 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37185 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37184 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)

Modified Rules:


 * 1:35063 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:15995 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 1:35062 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 3:35898 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 3:35909 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight buffer overflow attempt (server-other.rules)
 * 3:35927 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management remote file execution attempt (server-webapp.rules)
 * 3:35897 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
 * 3:35910 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight information disclosure attempt (server-other.rules)
 * 3:35926 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management authorization bypass attempt (server-webapp.rules)

2015-12-22 23:15:40 UTC

Snort Subscriber Rules Update

Date: 2015-12-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37185 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
 * 1:37165 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37162 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37163 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37160 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37161 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37159 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37156 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37153 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 1:37155 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules)
 * 1:37152 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 1:37151 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 1:37149 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37150 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37154 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules)
 * 1:37157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37182 <-> ENABLED <-> FILE-FLASH Adobe Flash Player String null check memory corruption attempt (file-flash.rules)
 * 1:37183 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37180 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37181 <-> ENABLED <-> FILE-FLASH Adobe Flash Player String null check memory corruption attempt (file-flash.rules)
 * 1:37178 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37179 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37174 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37177 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37176 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37175 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37170 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37171 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37194 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37189 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37190 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37147 <-> DISABLED <-> SERVER-OTHER Seagate GoFlex Satellite hidden credentials authentication attempt (server-other.rules)
 * 1:37148 <-> DISABLED <-> SERVER-WEBAPP WordPress Gallery Objects Plugin viewid SQL injection attempt (server-webapp.rules)
 * 1:37193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37184 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)

Modified Rules:


 * 1:35063 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35062 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:15995 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 3:35898 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 3:35909 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight buffer overflow attempt (server-other.rules)
 * 3:35910 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight information disclosure attempt (server-other.rules)
 * 3:35926 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management authorization bypass attempt (server-webapp.rules)
 * 3:35927 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management remote file execution attempt (server-webapp.rules)
 * 3:35897 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)

2015-12-22 23:15:40 UTC

Snort Subscriber Rules Update

Date: 2015-12-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37183 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37181 <-> ENABLED <-> FILE-FLASH Adobe Flash Player String null check memory corruption attempt (file-flash.rules)
 * 1:37182 <-> ENABLED <-> FILE-FLASH Adobe Flash Player String null check memory corruption attempt (file-flash.rules)
 * 1:37180 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37177 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37179 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37178 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37175 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37176 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37174 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37171 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37170 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37165 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37163 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
 * 1:37161 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37162 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37160 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37159 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37155 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules)
 * 1:37156 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37153 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 1:37151 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 1:37152 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 1:37150 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37149 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37147 <-> DISABLED <-> SERVER-OTHER Seagate GoFlex Satellite hidden credentials authentication attempt (server-other.rules)
 * 1:37148 <-> DISABLED <-> SERVER-WEBAPP WordPress Gallery Objects Plugin viewid SQL injection attempt (server-webapp.rules)
 * 1:37154 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules)
 * 1:37157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37194 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37190 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37189 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37185 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37184 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)

Modified Rules:


 * 1:35063 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35062 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:15995 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 3:35926 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management authorization bypass attempt (server-webapp.rules)
 * 3:35910 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight information disclosure attempt (server-other.rules)
 * 3:35898 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 3:35909 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight buffer overflow attempt (server-other.rules)
 * 3:35927 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management remote file execution attempt (server-webapp.rules)
 * 3:35897 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)

2015-12-22 23:15:40 UTC

Snort Subscriber Rules Update

Date: 2015-12-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37194 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37190 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37189 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37185 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37184 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37183 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
 * 1:37182 <-> ENABLED <-> FILE-FLASH Adobe Flash Player String null check memory corruption attempt (file-flash.rules)
 * 1:37181 <-> ENABLED <-> FILE-FLASH Adobe Flash Player String null check memory corruption attempt (file-flash.rules)
 * 1:37180 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37179 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37178 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37177 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
 * 1:37176 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37175 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37174 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37171 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37170 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
 * 1:37168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37165 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
 * 1:37164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
 * 1:37163 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37162 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37161 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37160 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
 * 1:37159 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37156 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
 * 1:37155 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules)
 * 1:37154 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules)
 * 1:37153 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 1:37152 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 1:37151 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 1:37150 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37149 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37148 <-> DISABLED <-> SERVER-WEBAPP WordPress Gallery Objects Plugin viewid SQL injection attempt (server-webapp.rules)
 * 1:37147 <-> DISABLED <-> SERVER-OTHER Seagate GoFlex Satellite hidden credentials authentication attempt (server-other.rules)

Modified Rules:


 * 1:35062 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35063 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:15995 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 3:35910 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight information disclosure attempt (server-other.rules)
 * 3:35926 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management authorization bypass attempt (server-webapp.rules)
 * 3:35898 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
 * 3:35897 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
 * 3:35909 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight buffer overflow attempt (server-other.rules)
 * 3:35927 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management remote file execution attempt (server-webapp.rules)