Talos has added and modified multiple rules in the deleted, file-flash, file-multimedia, file-other, file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:18692 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk (deleted.rules)
* 1:23182 <-> ENABLED <-> SERVER-OTHER Joomla com_maqmahelpdesk task parameter local file inclusion attempt (server-other.rules)
* 1:30577 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100166 (deleted.rules)
* 1:30578 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100167 (deleted.rules)
* 1:30579 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100168 (deleted.rules)
* 1:30690 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100173 (deleted.rules)
* 1:38164 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite UploadFileAction servlet directory traversal attempt (server-webapp.rules)
* 1:38165 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38170 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38171 <-> ENABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (file-other.rules)
* 1:38172 <-> DISABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (file-other.rules)
* 1:38173 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38174 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38175 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38176 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38177 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules)
* 1:38178 <-> ENABLED <-> FILE-FLASH Microsoft Standalone Flash Player asNative object use after free attempt (file-flash.rules)
* 1:38179 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules)
* 1:38180 <-> ENABLED <-> FILE-FLASH Microsoft Standalone Flash Player asNative object use after free attempt (file-flash.rules)
* 1:38181 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38182 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38183 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38184 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38185 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
* 1:38186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
* 1:38187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
* 1:38188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
* 1:38189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38190 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setInterval use-after-free memory corruption attempt (file-flash.rules)
* 1:38194 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setInterval use-after-free memory corruption attempt (file-flash.rules)
* 1:38195 <-> ENABLED <-> FILE-FLASH Adobe Flash Player htmlText method use-after-free memory corruption attempt (file-flash.rules)
* 1:38196 <-> ENABLED <-> FILE-FLASH Adobe Flash Player htmlText method use-after-free memory corruption attempt (file-flash.rules)
* 1:38197 <-> ENABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
* 1:38198 <-> ENABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
* 1:38199 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.copyChannel access violation attempt (file-flash.rules)
* 1:38200 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.copyChannel access violation attempt (file-flash.rules)
* 1:38201 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 length tag out of bounds read attempt (file-multimedia.rules)
* 1:38202 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 length tag out of bounds read attempt (file-multimedia.rules)
* 1:38203 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.applyFilter access violation attempt (file-flash.rules)
* 1:38204 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.applyFilter access violation attempt (file-flash.rules)
* 1:38205 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38207 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38208 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38209 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 out of bounds write attempt (file-multimedia.rules)
* 1:38210 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 out of bounds write attempt (file-multimedia.rules)
* 1:38227 <-> DISABLED <-> FILE-FLASH Adobe Flash Player mp4 size memory corruption attempt (file-flash.rules)
* 1:38226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules)
* 1:38225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules)
* 1:38224 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules)
* 1:38223 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules)
* 1:38222 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:38221 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:38220 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free (file-flash.rules)
* 1:38219 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:38218 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed MP4 atom use-after-free attempt (file-multimedia.rules)
* 1:38217 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 atom use-after-free attempt (file-multimedia.rules)
* 1:38216 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38215 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38214 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38213 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38211 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)
* 1:38212 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)

* 1:37235 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37234 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:38227 <-> DISABLED <-> FILE-FLASH Adobe Flash Player mp4 size memory corruption attempt (file-flash.rules)
* 1:38226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules)
* 1:38225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules)
* 1:38224 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules)
* 1:38223 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules)
* 1:38222 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:38221 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:38220 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free (file-flash.rules)
* 1:38219 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:38218 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed MP4 atom use-after-free attempt (file-multimedia.rules)
* 1:38217 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 atom use-after-free attempt (file-multimedia.rules)
* 1:38216 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38215 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38214 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38213 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38212 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)
* 1:38211 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)
* 1:38210 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 out of bounds write attempt (file-multimedia.rules)
* 1:38209 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 out of bounds write attempt (file-multimedia.rules)
* 1:38208 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38207 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38205 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38204 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.applyFilter access violation attempt (file-flash.rules)
* 1:38203 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.applyFilter access violation attempt (file-flash.rules)
* 1:38202 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 length tag out of bounds read attempt (file-multimedia.rules)
* 1:38201 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 length tag out of bounds read attempt (file-multimedia.rules)
* 1:38200 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.copyChannel access violation attempt (file-flash.rules)
* 1:38199 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.copyChannel access violation attempt (file-flash.rules)
* 1:38198 <-> ENABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
* 1:38197 <-> ENABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
* 1:38196 <-> ENABLED <-> FILE-FLASH Adobe Flash Player htmlText method use-after-free memory corruption attempt (file-flash.rules)
* 1:38195 <-> ENABLED <-> FILE-FLASH Adobe Flash Player htmlText method use-after-free memory corruption attempt (file-flash.rules)
* 1:38194 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setInterval use-after-free memory corruption attempt (file-flash.rules)
* 1:38193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setInterval use-after-free memory corruption attempt (file-flash.rules)
* 1:38192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38190 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
* 1:38187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
* 1:38186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
* 1:38185 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
* 1:38184 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38183 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38182 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38181 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38180 <-> ENABLED <-> FILE-FLASH Microsoft Standalone Flash Player asNative object use after free attempt (file-flash.rules)
* 1:38179 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules)
* 1:38178 <-> ENABLED <-> FILE-FLASH Microsoft Standalone Flash Player asNative object use after free attempt (file-flash.rules)
* 1:38177 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules)
* 1:38176 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38175 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38174 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38173 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38172 <-> DISABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (file-other.rules)
* 1:38171 <-> ENABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (file-other.rules)
* 1:38170 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38165 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38164 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite UploadFileAction servlet directory traversal attempt (server-webapp.rules)
* 1:30690 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100173 (deleted.rules)
* 1:30579 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100168 (deleted.rules)
* 1:30578 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100167 (deleted.rules)
* 1:30577 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk 100166 (deleted.rules)
* 1:23182 <-> ENABLED <-> SERVER-OTHER Joomla com_maqmahelpdesk task parameter local file inclusion attempt (server-other.rules)
* 1:18692 <-> DISABLED <-> DELETED SERVER-OTHER clearing out junk (deleted.rules)

* 1:37234 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37235 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)