Talos has added and modified multiple rules in the browser-ie, file-image, file-office, file-pdf, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39155 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:39152 <-> DISABLED <-> SERVER-WEBAPP Huawei HG866 GPON root password change attempt (server-webapp.rules)
* 1:39158 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:39154 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XObject image object use after free attempt (file-pdf.rules)
* 1:39156 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:39153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XObject image object use after free attempt (file-pdf.rules)
* 1:39157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 3:39148 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0126 attack attempt (file-office.rules)
* 3:39149 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0126 attack attempt (file-office.rules)
* 3:39150 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-CAN-0118 attack attempt (server-other.rules)
* 3:39151 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-CAN-0118 attack attempt (server-other.rules)
* 1:39145 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39115 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules)
* 1:19645 <-> DISABLED <-> SERVER-WEBAPP cross-site scripting attempt via form data attempt (server-webapp.rules)
* 1:39138 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39146 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39140 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39147 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:18806 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:17387 <-> DISABLED <-> SERVER-APACHE Apache Tomcat allowLinking URIencoding directory traversal attempt (server-apache.rules)
* 1:39142 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39143 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39112 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39137 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39139 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39113 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39114 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39136 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39141 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39144 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:17554 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:16067 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39154 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XObject image object use after free attempt (file-pdf.rules)
* 1:39152 <-> DISABLED <-> SERVER-WEBAPP Huawei HG866 GPON root password change attempt (server-webapp.rules)
* 1:39155 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:39156 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:39157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:39158 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:39153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XObject image object use after free attempt (file-pdf.rules)
* 3:39148 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0126 attack attempt (file-office.rules)
* 3:39149 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0126 attack attempt (file-office.rules)
* 3:39150 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-CAN-0118 attack attempt (server-other.rules)
* 3:39151 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-CAN-0118 attack attempt (server-other.rules)
* 1:16067 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:39147 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules)
* 1:39114 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39113 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39143 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:19645 <-> DISABLED <-> SERVER-WEBAPP cross-site scripting attempt via form data attempt (server-webapp.rules)
* 1:39146 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39112 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:17387 <-> DISABLED <-> SERVER-APACHE Apache Tomcat allowLinking URIencoding directory traversal attempt (server-apache.rules)
* 1:39145 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39144 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39115 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39136 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39137 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39139 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39140 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39141 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:18806 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:17554 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:39142 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39138 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2982.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:39158 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:39155 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:39156 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:39154 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XObject image object use after free attempt (file-pdf.rules)
* 1:39153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XObject image object use after free attempt (file-pdf.rules)
* 1:39152 <-> DISABLED <-> SERVER-WEBAPP Huawei HG866 GPON root password change attempt (server-webapp.rules)
* 3:39148 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0126 attack attempt (file-office.rules)
* 3:39149 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0126 attack attempt (file-office.rules)
* 3:39150 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-CAN-0118 attack attempt (server-other.rules)
* 3:39151 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-CAN-0118 attack attempt (server-other.rules)
* 1:39141 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39142 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39138 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:18806 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules)
* 1:39147 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39146 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39112 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39113 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39114 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39115 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39136 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39137 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39145 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39140 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39139 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:16067 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:39143 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:17387 <-> DISABLED <-> SERVER-APACHE Apache Tomcat allowLinking URIencoding directory traversal attempt (server-apache.rules)
* 1:39144 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:17554 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:19645 <-> DISABLED <-> SERVER-WEBAPP cross-site scripting attempt via form data attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39158 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:39157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:39156 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:39155 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:39154 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XObject image object use after free attempt (file-pdf.rules)
* 1:39153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XObject image object use after free attempt (file-pdf.rules)
* 1:39152 <-> DISABLED <-> SERVER-WEBAPP Huawei HG866 GPON root password change attempt (server-webapp.rules)
* 3:39148 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0126 attack attempt (file-office.rules)
* 3:39149 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0126 attack attempt (file-office.rules)
* 3:39150 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-CAN-0118 attack attempt (server-other.rules)
* 3:39151 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-CAN-0118 attack attempt (server-other.rules)
* 1:39147 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39146 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39145 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39144 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39143 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:16067 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:17387 <-> DISABLED <-> SERVER-APACHE Apache Tomcat allowLinking URIencoding directory traversal attempt (server-apache.rules)
* 1:39142 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39141 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39140 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39139 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39137 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39138 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39136 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39115 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39114 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39113 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39112 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:19645 <-> DISABLED <-> SERVER-WEBAPP cross-site scripting attempt via form data attempt (server-webapp.rules)
* 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules)
* 1:18806 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:17554 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)