Talos has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, file-flash, file-image, file-office, file-other, indicator-compromise, policy-other, protocol-dns, server-apache, server-other, server-samba and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:

* 1:43554 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
* 1:43552 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
* 1:43550 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules)
* 1:43549 <-> DISABLED <-> SERVER-WEBAPP AlienVault Unified Security Manager authentication bypass attempt (server-webapp.rules)
* 1:43537 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules)
* 1:43542 <-> DISABLED <-> SERVER-OTHER CCProxy telnet ping buffer overflow attempt (server-other.rules)
* 1:43538 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules)
* 1:43539 <-> DISABLED <-> SERVER-WEBAPP Koha directory traversal attempt (server-webapp.rules)
* 1:43534 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
* 1:43544 <-> DISABLED <-> SERVER-WEBAPP CA ArcServe information disclosure attempt (server-webapp.rules)
* 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules)
* 1:43545 <-> DISABLED <-> SERVER-WEBAPP HPE System Management Homepage buffer overflow attempt (server-webapp.rules)
* 1:43547 <-> DISABLED <-> SERVER-APACHE httpd mod_mime content-type buffer overflow attempt (server-apache.rules)
* 1:43546 <-> DISABLED <-> INDICATOR-COMPROMISE Juniper vSRX Application Firewall IPv6 REJECT buffer overflow attempt (indicator-compromise.rules)
* 1:43535 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
* 1:43551 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules)
* 1:43536 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
* 1:43540 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules)
* 1:43541 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules)
* 1:43548 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor remote code execution attempt (server-webapp.rules)
* 1:43553 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
* 1:43561 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server si_prop stack buffer overflow attempt (server-other.rules)
* 1:43560 <-> DISABLED <-> FILE-OTHER Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt (file-other.rules)
* 3:43555 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0381 attack attempt (policy-other.rules)
* 3:43556 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0382 attack attempt (server-other.rules)
* 3:43558 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0379 attack attempt (server-other.rules)
* 3:43559 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0378 attack attempt (server-other.rules)
* 3:43557 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0384 attack attempt (server-other.rules)

Modified Rules:

* 1:39615 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:32064 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
* 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:29603 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules)
* 1:29798 <-> DISABLED <-> SERVER-WEBAPP CuteFlow pre-authenticated admin account creation attempt (server-webapp.rules)
* 1:29630 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules)
* 1:32062 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
* 1:21421 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt (protocol-dns.rules)
* 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:39607 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:42841 <-> ENABLED <-> BLACKLIST suspicious .bit tcp dns query (blacklist.rules)
* 1:43004 <-> ENABLED <-> SERVER-SAMBA Samba is_known_pipe arbitrary module load code execution attempt (server-samba.rules)
* 1:11263 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl non-SSL connection to SSL port denial of service attempt (server-apache.rules)
* 1:23806 <-> DISABLED <-> FILE-OTHER Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt (file-other.rules)
* 1:29799 <-> DISABLED <-> SERVER-WEBAPP CuteFlow pre-authenticated admin account creation attempt (server-webapp.rules)
* 3:42432 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
* 3:42433 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
* 3:42434 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
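The "gid:sid <-> Default rule state <-> Message (rule group)" format above is what an operator has to read before deciding which of the rules that ship DISABLED should be turned on locally. The following parser is an added example written for this page, not Talos or Snort code: it extracts every entry from a listing (tolerating the line breaks that web extraction leaves inside an entry), drops the duplicates that appear when several Snort versions are listed, separates gid 3 shared-object rules from gid 1 text rules, and emits the gid:sid references of disabled rules in chosen groups, one per line, which is the form a pulledpork-style enablesid.conf expects (that target format is an assumption; check your own rule-management tool). The sample listing is constructed from entries on this page.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable

# One listing entry:  gid:sid <-> Default rule state <-> Message (rule group)
# The message is matched lazily up to the "(group.rules)" suffix; the \s* tokens
# also absorb a line break that extraction may have inserted mid-entry.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[a-z0-9-]+\.rules)\)"
)

# Constructed sample: entries copied from the listing above, including one entry
# broken across two lines and one exact duplicate (1:43554 appears twice).
SAMPLE_LISTING = """\
 * 1:43554 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
 * 1:43549 <-> DISABLED <-> SERVER-WEBAPP AlienVault Unified Security Manager authentication bypass attempt (server-webapp.rules)
 * 1:43534 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
 * 1:43547 <-> DISABLED <-> SERVER-APACHE httpd mod_mime content-type buffer overflow attempt (server-apache.rules)
 * 1:43540 <->
DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules)
 * 1:42841 <-> ENABLED <-> BLACKLIST suspicious .bit tcp dns query (blacklist.rules)
 * 3:43555 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0381 attack attempt (policy-other.rules)
 * 1:43554 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
"""


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: str
    msg: str
    group: str

    @property
    def ref(self) -> str:
        return f"{self.gid}:{self.sid}"

    @property
    def is_shared_object(self) -> bool:
        # gid 3 is the generator id Snort reserves for shared-object (precompiled) rules;
        # they need the matching SO library for your Snort build, not just a .rules file.
        return self.gid == 3


def parse_listing(text: str) -> list[RuleEntry]:
    """Parse every entry in a rule pack listing, keeping the first copy of each gid:sid."""
    seen: dict[tuple[int, int], RuleEntry] = {}
    for m in ENTRY_RE.finditer(text):
        entry = RuleEntry(
            int(m["gid"]), int(m["sid"]), m["state"],
            " ".join(m["msg"].split()),  # normalise whitespace left by line breaks
            m["group"],
        )
        seen.setdefault((entry.gid, entry.sid), entry)
    return list(seen.values())


def state_counts(entries: Iterable[RuleEntry]) -> dict[str, int]:
    """How many rules ship ENABLED vs DISABLED by default."""
    return dict(Counter(e.state for e in entries))


def refs_in_group(entries: Iterable[RuleEntry], group: str) -> list[str]:
    """gid:sid references belonging to one rule group, in listing order."""
    return [e.ref for e in entries if e.group == group]


def disabled_refs(entries: Iterable[RuleEntry], groups: set[str] | None = None) -> list[str]:
    """gid:sid of rules that ship DISABLED, optionally limited to some groups, sorted
    numerically. Assumed target: one gid:sid per line in an enablesid.conf-style file."""
    picked = [e for e in entries if e.state == "DISABLED" and (groups is None or e.group in groups)]
    return [e.ref for e in sorted(picked, key=lambda e: (e.gid, e.sid))]


if __name__ == "__main__":
    rules = parse_listing(SAMPLE_LISTING)
    print("parsed", len(rules), "unique rules:", state_counts(rules))
    print("shared-object rules:", [e.ref for e in rules if e.is_shared_object])
    print("disabled web/apache rules to review:")
    print("\n".join(disabled_refs(rules, {"server-webapp.rules", "server-apache.rules"})))
```

Feed it the whole page text and it will happily parse both the 2983 and 2990 sections, returning each rule once. Review the DISABLED list by hand rather than enabling it wholesale: most of these rules are off by default because the covered product is uncommon or the signature is expensive, and enabling rules for software you do not run only adds inspection cost and false positives.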
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:

* 1:43561 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server si_prop stack buffer overflow attempt (server-other.rules)
* 1:43560 <-> DISABLED <-> FILE-OTHER Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt (file-other.rules)
* 1:43554 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
* 1:43553 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
* 1:43552 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules)
* 1:43551 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules)
* 1:43550 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules)
* 1:43549 <-> DISABLED <-> SERVER-WEBAPP AlienVault Unified Security Manager authentication bypass attempt (server-webapp.rules)
* 1:43548 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor remote code execution attempt (server-webapp.rules)
* 1:43547 <-> DISABLED <-> SERVER-APACHE httpd mod_mime content-type buffer overflow attempt (server-apache.rules)
* 1:43546 <-> DISABLED <-> INDICATOR-COMPROMISE Juniper vSRX Application Firewall IPv6 REJECT buffer overflow attempt (indicator-compromise.rules)
* 1:43545 <-> DISABLED <-> SERVER-WEBAPP HPE System Management Homepage buffer overflow attempt (server-webapp.rules)
* 1:43544 <-> DISABLED <-> SERVER-WEBAPP CA ArcServe information disclosure attempt (server-webapp.rules)
* 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules)
* 1:43542 <-> DISABLED <-> SERVER-OTHER CCProxy telnet ping buffer overflow attempt (server-other.rules)
* 1:43541 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules)
* 1:43540 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules)
* 1:43539 <-> DISABLED <-> SERVER-WEBAPP Koha directory traversal attempt (server-webapp.rules)
* 1:43538 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules)
* 1:43537 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules)
* 1:43536 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
* 1:43535 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
* 1:43534 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
* 3:43555 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0381 attack attempt (policy-other.rules)
* 3:43556 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0382 attack attempt (server-other.rules)
* 3:43557 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0384 attack attempt (server-other.rules)
* 3:43558 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0379 attack attempt (server-other.rules)
* 3:43559 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0378 attack attempt (server-other.rules)

Modified Rules:

* 1:29603 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules)
* 1:11263 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl non-SSL connection to SSL port denial of service attempt (server-apache.rules)
* 1:21421 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt (protocol-dns.rules)
* 1:29630 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules)
* 1:29798 <-> DISABLED <-> SERVER-WEBAPP CuteFlow pre-authenticated admin account creation attempt (server-webapp.rules)
* 1:29799 <-> DISABLED <-> SERVER-WEBAPP CuteFlow pre-authenticated admin account creation attempt (server-webapp.rules)
* 1:32062 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
* 1:32064 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
* 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:39607 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39615 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:42841 <-> ENABLED <-> BLACKLIST suspicious .bit tcp dns query (blacklist.rules)
* 1:43004 <-> ENABLED <-> SERVER-SAMBA Samba is_known_pipe arbitrary module load code execution attempt (server-samba.rules)
* 1:23806 <-> DISABLED <-> FILE-OTHER Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt (file-other.rules)
* 3:42432 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
* 3:42433 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
* 3:42434 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)