Talos has added and modified multiple rules in the browser-ie, file-flash, file-other, indicator-obfuscation, indicator-shellcode and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41716 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41725 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol version command attempt (server-other.rules) * 1:41723 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download config command attempt (server-other.rules) * 1:41724 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download image command attempt (server-other.rules) * 1:41721 <-> DISABLED <-> SERVER-WEBAPP Mikrotik Syslog Server DoS attempt (server-webapp.rules) * 1:41722 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol backup config command attempt (server-other.rules) * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41715 <-> DISABLED <-> BROWSER-IE Microsoft Health and Support Center iframe injection attempt (browser-ie.rules) * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41717 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed object type buffer overflow attempt (browser-ie.rules) * 1:41714 <-> DISABLED <-> INDICATOR-OBFUSCATION rfc822 HTTP transfer encoding attempt attempt (indicator-obfuscation.rules)
* 1:41613 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41632 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules) * 1:41614 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41612 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules) * 1:41619 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules) * 1:41674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules) * 1:41616 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41620 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules) * 1:41615 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41618 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:33339 <-> DISABLED <-> INDICATOR-SHELLCODE ASCII heapspray characters detected (indicator-shellcode.rules) * 1:41679 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:41621 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules) * 1:41673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules) * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41628 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules) * 1:41630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41623 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41680 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:21037 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules) * 1:41627 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules) * 1:41622 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules) * 1:41611 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules) * 1:41629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41603 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules) * 1:41624 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41604 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules) * 1:41617 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41631 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41725 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol version command attempt (server-other.rules) * 1:41723 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download config command attempt (server-other.rules) * 1:41724 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download image command attempt (server-other.rules) * 1:41721 <-> DISABLED <-> SERVER-WEBAPP Mikrotik Syslog Server DoS attempt (server-webapp.rules) * 1:41722 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol backup config command attempt (server-other.rules) * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41716 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41717 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed object type buffer overflow attempt (browser-ie.rules) * 1:41715 <-> DISABLED <-> BROWSER-IE Microsoft Health and Support Center iframe injection attempt (browser-ie.rules) * 1:41714 <-> DISABLED <-> INDICATOR-OBFUSCATION rfc822 HTTP transfer encoding attempt attempt (indicator-obfuscation.rules)
* 1:41629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41628 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules) * 1:41627 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules) * 1:41624 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41622 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules) * 1:41623 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41620 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules) * 1:41621 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules) * 1:41618 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41619 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules) * 1:41616 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41617 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41615 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:21037 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules) * 1:41611 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules) * 1:41613 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules) * 1:41612 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules) * 1:41614 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules) * 1:41679 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:33339 <-> DISABLED <-> INDICATOR-SHELLCODE ASCII heapspray characters detected (indicator-shellcode.rules) * 1:41680 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:41632 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules) * 1:41604 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules) * 1:41631 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules) * 1:41603 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41725 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol version command attempt (server-other.rules) * 1:41724 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download image command attempt (server-other.rules) * 1:41723 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download config command attempt (server-other.rules) * 1:41722 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol backup config command attempt (server-other.rules) * 1:41721 <-> DISABLED <-> SERVER-WEBAPP Mikrotik Syslog Server DoS attempt (server-webapp.rules) * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41717 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed object type buffer overflow attempt (browser-ie.rules) * 1:41716 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41715 <-> DISABLED <-> BROWSER-IE Microsoft Health and Support Center iframe injection attempt (browser-ie.rules) * 1:41714 <-> DISABLED <-> INDICATOR-OBFUSCATION rfc822 HTTP transfer encoding attempt attempt (indicator-obfuscation.rules)
* 1:41680 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:33339 <-> DISABLED <-> INDICATOR-SHELLCODE ASCII heapspray characters detected (indicator-shellcode.rules) * 1:41679 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:41674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules) * 1:41673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules) * 1:41631 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules) * 1:41632 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules) * 1:41630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41628 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules) * 1:41627 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules) * 1:41624 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41623 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41622 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules) * 1:41621 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules) * 1:41620 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules) * 1:41619 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules) * 1:41618 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41617 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41616 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41615 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41614 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41612 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules) * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:21037 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules) * 1:41613 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41611 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules) * 1:41604 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules) * 1:41603 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
