Talos has added and modified multiple rules in the file-image, file-office, file-other, malware-cnc, policy-other, protocol-other, protocol-snmp, protocol-voip, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46117 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro JPEG embedded XPS file heap overflow attempt (file-other.rules)
* 1:46098 <-> DISABLED <-> PROTOCOL-OTHER Routing Information Protocol version 1 potential amplified distributed denial of service attempt (protocol-other.rules)
* 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46118 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro JPEG embedded XPS file heap overflow attempt (file-other.rules)
* 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46116 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules)
* 1:46099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Modimer Trojanized MediaGet outbound connection (malware-cnc.rules)
* 1:46100 <-> DISABLED <-> SERVER-WEBAPP Laerdal SimMan-3G arbitrary file upload attempt (server-webapp.rules)
* 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (file-office.rules)
* 1:46107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (file-office.rules)
* 1:46112 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:46113 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:46114 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:46115 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules)
* 3:46109 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning writable file privilege escalation attempt (server-webapp.rules)
* 3:46111 <-> ENABLED <-> SERVER-OTHER Cisco IOS Adaptive QoS message parsing stack buffer overflow attempt (server-other.rules)
* 3:46102 <-> ENABLED <-> POLICY-OTHER Flash file external url request attempt (policy-other.rules)
* 3:46110 <-> ENABLED <-> SERVER-OTHER Cisco ASR1001 IKEv2 memory leak attempt (server-other.rules)
* 3:46125 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKEv1 payload denial of service attempt (server-other.rules)
* 3:46119 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay reply integer underflow attempt (server-other.rules)
* 3:46096 <-> ENABLED <-> SERVER-OTHER Cisco SMI invalid discovery init message memory corruption or denial of service attempt (server-other.rules)
* 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46097 <-> ENABLED <-> SERVER-OTHER Cisco SMI invalid discovery init message denial of service attempt (server-other.rules)
* 3:46108 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning writable file privilege escalation attempt (server-webapp.rules)
* 3:46101 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS SNMP ciscoFlashFileEntry OID denial of service attempt (protocol-snmp.rules)
* 3:46104 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay agent information memory corruption attempt (server-other.rules)
* 3:46105 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS SNMP natPoolRange OID denial of service attempt (protocol-snmp.rules)
* 3:46103 <-> ENABLED <-> POLICY-OTHER Flash file external url request attempt (policy-other.rules)
* 3:46095 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE default one-time password login detected (policy-other.rules)
* 3:46120 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay integer underflow attempt (server-other.rules)

* 1:45786 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45666 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
* 1:45787 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
* 1:45788 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-image.rules)
* 1:45789 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-image.rules)
* 1:41725 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol version command attempt (server-other.rules)
* 1:18956 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (server-webapp.rules)
* 1:18955 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (server-webapp.rules)
* 1:45668 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45665 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45667 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (file-office.rules)
* 1:46115 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules)
* 1:46107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (file-office.rules)
* 1:46112 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:46113 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:46114 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:46116 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules)
* 1:46117 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro JPEG embedded XPS file heap overflow attempt (file-other.rules)
* 1:46100 <-> DISABLED <-> SERVER-WEBAPP Laerdal SimMan-3G arbitrary file upload attempt (server-webapp.rules)
* 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46118 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro JPEG embedded XPS file heap overflow attempt (file-other.rules)
* 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46098 <-> DISABLED <-> PROTOCOL-OTHER Routing Information Protocol version 1 potential amplified distributed denial of service attempt (protocol-other.rules)
* 1:46099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Modimer Trojanized MediaGet outbound connection (malware-cnc.rules)
* 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 3:46110 <-> ENABLED <-> SERVER-OTHER Cisco ASR1001 IKEv2 memory leak attempt (server-other.rules)
* 3:46109 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning writable file privilege escalation attempt (server-webapp.rules)
* 3:46111 <-> ENABLED <-> SERVER-OTHER Cisco IOS Adaptive QoS message parsing stack buffer overflow attempt (server-other.rules)
* 3:46101 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS SNMP ciscoFlashFileEntry OID denial of service attempt (protocol-snmp.rules)
* 3:46095 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE default one-time password login detected (policy-other.rules)
* 3:46097 <-> ENABLED <-> SERVER-OTHER Cisco SMI invalid discovery init message denial of service attempt (server-other.rules)
* 3:46103 <-> ENABLED <-> POLICY-OTHER Flash file external url request attempt (policy-other.rules)
* 3:46120 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay integer underflow attempt (server-other.rules)
* 3:46104 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay agent information memory corruption attempt (server-other.rules)
* 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46102 <-> ENABLED <-> POLICY-OTHER Flash file external url request attempt (policy-other.rules)
* 3:46125 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKEv1 payload denial of service attempt (server-other.rules)
* 3:46105 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS SNMP natPoolRange OID denial of service attempt (protocol-snmp.rules)
* 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46096 <-> ENABLED <-> SERVER-OTHER Cisco SMI invalid discovery init message memory corruption or denial of service attempt (server-other.rules)
* 3:46119 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay reply integer underflow attempt (server-other.rules)
* 3:46108 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning writable file privilege escalation attempt (server-webapp.rules)
* 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)

* 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
* 1:45787 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45666 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45788 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-image.rules)
* 1:18956 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (server-webapp.rules)
* 1:18955 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (server-webapp.rules)
* 1:45668 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45665 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45786 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45789 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-image.rules)
* 1:41725 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol version command attempt (server-other.rules)
* 1:45667 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46100 <-> DISABLED <-> SERVER-WEBAPP Laerdal SimMan-3G arbitrary file upload attempt (snort3-server-webapp.rules)
* 1:46099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Modimer Trojanized MediaGet outbound connection (snort3-malware-cnc.rules)
* 1:46106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (snort3-file-office.rules)
* 1:46115 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (snort3-server-apache.rules)
* 1:46116 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (snort3-server-apache.rules)
* 1:46117 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro JPEG embedded XPS file heap overflow attempt (snort3-file-other.rules)
* 1:46118 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro JPEG embedded XPS file heap overflow attempt (snort3-file-other.rules)
* 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (snort3-protocol-other.rules)
* 1:46114 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (snort3-server-webapp.rules)
* 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (snort3-protocol-other.rules)
* 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (snort3-protocol-other.rules)
* 1:46107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (snort3-file-office.rules)
* 1:46113 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (snort3-server-webapp.rules)
* 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (snort3-protocol-other.rules)
* 1:46112 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (snort3-server-webapp.rules)
* 1:46098 <-> DISABLED <-> PROTOCOL-OTHER Routing Information Protocol version 1 potential amplified distributed denial of service attempt (snort3-protocol-other.rules)

* 1:45839 <-> DISABLED <-> DELETED FILE-OTHER Adobe Acrobat Pro malformed cmap out of bounds read attempt (snort3-deleted.rules)
* 1:45788 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (snort3-file-image.rules)
* 1:45838 <-> DISABLED <-> DELETED FILE-OTHER Adobe Acrobat Pro malformed cmap out of bounds read attempt (snort3-deleted.rules)
* 1:45668 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (snort3-file-other.rules)
* 1:45667 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (snort3-file-other.rules)
* 1:45666 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (snort3-file-other.rules)
* 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (snort3-protocol-voip.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (snort3-server-other.rules)
* 1:45789 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (snort3-file-image.rules)
* 1:18956 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (snort3-server-webapp.rules)
* 1:18955 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (snort3-server-webapp.rules)
* 1:41725 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol version command attempt (snort3-server-other.rules)
* 1:45786 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (snort3-file-other.rules)
* 1:45665 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (snort3-file-other.rules)
* 1:45787 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (snort3-file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46116 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules)
* 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46117 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro JPEG embedded XPS file heap overflow attempt (file-other.rules)
* 1:46115 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules)
* 1:46118 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro JPEG embedded XPS file heap overflow attempt (file-other.rules)
* 1:46114 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:46112 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:46113 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:46106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (file-office.rules)
* 1:46107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (file-office.rules)
* 1:46100 <-> DISABLED <-> SERVER-WEBAPP Laerdal SimMan-3G arbitrary file upload attempt (server-webapp.rules)
* 1:46099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Modimer Trojanized MediaGet outbound connection (malware-cnc.rules)
* 1:46098 <-> DISABLED <-> PROTOCOL-OTHER Routing Information Protocol version 1 potential amplified distributed denial of service attempt (protocol-other.rules)
* 3:46095 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE default one-time password login detected (policy-other.rules)
* 3:46110 <-> ENABLED <-> SERVER-OTHER Cisco ASR1001 IKEv2 memory leak attempt (server-other.rules)
* 3:46109 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning writable file privilege escalation attempt (server-webapp.rules)
* 3:46111 <-> ENABLED <-> SERVER-OTHER Cisco IOS Adaptive QoS message parsing stack buffer overflow attempt (server-other.rules)
* 3:46096 <-> ENABLED <-> SERVER-OTHER Cisco SMI invalid discovery init message memory corruption or denial of service attempt (server-other.rules)
* 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46119 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay reply integer underflow attempt (server-other.rules)
* 3:46108 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning writable file privilege escalation attempt (server-webapp.rules)
* 3:46104 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay agent information memory corruption attempt (server-other.rules)
* 3:46105 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS SNMP natPoolRange OID denial of service attempt (protocol-snmp.rules)
* 3:46102 <-> ENABLED <-> POLICY-OTHER Flash file external url request attempt (policy-other.rules)
* 3:46103 <-> ENABLED <-> POLICY-OTHER Flash file external url request attempt (policy-other.rules)
* 3:46101 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS SNMP ciscoFlashFileEntry OID denial of service attempt (protocol-snmp.rules)
* 3:46097 <-> ENABLED <-> SERVER-OTHER Cisco SMI invalid discovery init message denial of service attempt (server-other.rules)
* 3:46125 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKEv1 payload denial of service attempt (server-other.rules)
* 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46120 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay integer underflow attempt (server-other.rules)

* 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
* 1:18956 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (server-webapp.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
* 1:45666 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45668 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45665 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45786 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45667 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45787 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:41725 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol version command attempt (server-other.rules)
* 1:45789 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-image.rules)
* 1:18955 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (server-webapp.rules)
* 1:45788 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46112 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:46107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (file-office.rules)
* 1:46106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (file-office.rules)
* 1:46100 <-> DISABLED <-> SERVER-WEBAPP Laerdal SimMan-3G arbitrary file upload attempt (server-webapp.rules)
* 1:46099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Modimer Trojanized MediaGet outbound connection (malware-cnc.rules)
* 1:46098 <-> DISABLED <-> PROTOCOL-OTHER Routing Information Protocol version 1 potential amplified distributed denial of service attempt (protocol-other.rules)
* 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules)
* 1:46118 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro JPEG embedded XPS file heap overflow attempt (file-other.rules)
* 1:46117 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro JPEG embedded XPS file heap overflow attempt (file-other.rules)
* 1:46116 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules)
* 1:46115 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules)
* 1:46114 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 1:46113 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules)
* 3:46109 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning writable file privilege escalation attempt (server-webapp.rules)
* 3:46111 <-> ENABLED <-> SERVER-OTHER Cisco IOS Adaptive QoS message parsing stack buffer overflow attempt (server-other.rules)
* 3:46110 <-> ENABLED <-> SERVER-OTHER Cisco ASR1001 IKEv2 memory leak attempt (server-other.rules)
* 3:46095 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE default one-time password login detected (policy-other.rules)
* 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)
* 3:46125 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKEv1 payload denial of service attempt (server-other.rules)
* 3:46120 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay integer underflow attempt (server-other.rules)
* 3:46119 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay reply integer underflow attempt (server-other.rules)
* 3:46096 <-> ENABLED <-> SERVER-OTHER Cisco SMI invalid discovery init message memory corruption or denial of service attempt (server-other.rules)
* 3:46097 <-> ENABLED <-> SERVER-OTHER Cisco SMI invalid discovery init message denial of service attempt (server-other.rules)
* 3:46101 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS SNMP ciscoFlashFileEntry OID denial of service attempt (protocol-snmp.rules)
* 3:46102 <-> ENABLED <-> POLICY-OTHER Flash file external url request attempt (policy-other.rules)
* 3:46103 <-> ENABLED <-> POLICY-OTHER Flash file external url request attempt (policy-other.rules)
* 3:46104 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay agent information memory corruption attempt (server-other.rules)
* 3:46105 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS SNMP natPoolRange OID denial of service attempt (protocol-snmp.rules)
* 3:46108 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning writable file privilege escalation attempt (server-webapp.rules)
* 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules)

* 1:18955 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (server-webapp.rules)
* 1:18956 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (server-webapp.rules)
* 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
* 1:41725 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol version command attempt (server-other.rules)
* 1:45665 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45666 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45667 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45668 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45786 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45787 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45788 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-image.rules)
* 1:45789 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-image.rules)