Sourcefire VRT Rules Update
Date: 2007-06-13
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.6.
The format of the file is:
sid - Message (rule group)
New rules:
11838 <-> WEB-MISC Win32 API res buffer overflow attempt (web-misc.rules)
11839 <-> WEB-CLIENT TEC-IT TBarCode ActiveX clsid access (web-client.rules)
11840 <-> WEB-CLIENT TEC-IT TBarCode ActiveX clsid unicode access (web-client.rules)
11841 <-> WEB-CLIENT TEC-IT TBarCode ActiveX function call access (web-client.rules)
11842 <-> WEB-CLIENT TEC-IT TBarCode ActiveX function call unicode access (web-client.rules)
11843 <-> NETBIOS SMB spoolss AddPrinter unicode little endian object call overflow attempt (netbios.rules)
11844 <-> NETBIOS SMB spoolss AddPrinter WriteAndX little endian object call overflow attempt (netbios.rules)
11845 <-> NETBIOS SMB spoolss AddPrinter WriteAndX unicode little endian object call overflow attempt (netbios.rules)
11846 <-> NETBIOS SMB-DS spoolss AddPrinter unicode little endian object call overflow attempt (netbios.rules)
11847 <-> NETBIOS SMB-DS spoolss AddPrinter little endian object call overflow attempt (netbios.rules)
11848 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX unicode object call overflow attempt (netbios.rules)
11849 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX little endian object call overflow attempt (netbios.rules)
11850 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX unicode little endian object call overflow attempt (netbios.rules)
11851 <-> NETBIOS SMB-DS v4 spoolss AddPrinter WriteAndX unicode overflow attempt (netbios.rules)
11852 <-> NETBIOS SMB spoolss AddPrinter unicode overflow attempt (netbios.rules)
11853 <-> NETBIOS SMB spoolss AddPrinter unicode little endian overflow attempt (netbios.rules)
11854 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX object call overflow attempt (netbios.rules)
11855 <-> NETBIOS SMB-DS v4 spoolss AddPrinter WriteAndX little endian overflow attempt (netbios.rules)
11856 <-> NETBIOS SMB-DS v4 spoolss AddPrinter overflow attempt (netbios.rules)
11857 <-> NETBIOS SMB spoolss AddPrinter little endian overflow attempt (netbios.rules)
11858 <-> NETBIOS SMB v4 spoolss AddPrinter WriteAndX unicode overflow attempt (netbios.rules)
11859 <-> NETBIOS SMB v4 spoolss AddPrinter unicode overflow attempt (netbios.rules)
11860 <-> NETBIOS SMB v4 spoolss AddPrinter WriteAndX overflow attempt (netbios.rules)
11861 <-> NETBIOS SMB v4 spoolss AddPrinter overflow attempt (netbios.rules)
11862 <-> NETBIOS SMB-DS v4 spoolss AddPrinter WriteAndX overflow attempt (netbios.rules)
11863 <-> NETBIOS SMB-DS v4 spoolss AddPrinter unicode overflow attempt (netbios.rules)
11864 <-> NETBIOS SMB-DS v4 spoolss AddPrinter little endian overflow attempt (netbios.rules)
11865 <-> NETBIOS SMB v4 spoolss AddPrinter WriteAndX little endian overflow attempt (netbios.rules)
11866 <-> NETBIOS SMB v4 spoolss AddPrinter little endian overflow attempt (netbios.rules)
11867 <-> NETBIOS SMB-DS v4 spoolss AddPrinter unicode little endian overflow attempt (netbios.rules)
11868 <-> NETBIOS SMB v4 spoolss AddPrinter WriteAndX unicode little endian overflow attempt (netbios.rules)
11869 <-> NETBIOS SMB v4 spoolss AddPrinter unicode little endian overflow attempt (netbios.rules)
11870 <-> NETBIOS SMB-DS spoolss AddPrinter overflow attempt (netbios.rules)
11871 <-> NETBIOS SMB-DS v4 spoolss AddPrinter WriteAndX unicode little endian overflow attempt (netbios.rules)
11872 <-> NETBIOS SMB spoolss AddPrinter WriteAndX overflow attempt (netbios.rules)
11873 <-> NETBIOS SMB spoolss AddPrinter overflow attempt (netbios.rules)
11874 <-> NETBIOS SMB-DS spoolss AddPrinter unicode overflow attempt (netbios.rules)
11875 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX overflow attempt (netbios.rules)
11876 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX unicode overflow attempt (netbios.rules)
11877 <-> NETBIOS SMB spoolss AddPrinter WriteAndX unicode overflow attempt (netbios.rules)
11878 <-> NETBIOS SMB-DS spoolss AddPrinter unicode little endian overflow attempt (netbios.rules)
11879 <-> NETBIOS SMB-DS spoolss AddPrinter little endian overflow attempt (netbios.rules)
11880 <-> NETBIOS SMB spoolss AddPrinter WriteAndX little endian overflow attempt (netbios.rules)
11881 <-> NETBIOS SMB spoolss AddPrinter WriteAndX unicode little endian overflow attempt (netbios.rules)
11882 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX unicode little endian overflow attempt (netbios.rules)
11883 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX little endian overflow attempt (netbios.rules)
11884 <-> NETBIOS SMB spoolss AddPrinter little endian object call overflow attempt (netbios.rules)
11885 <-> NETBIOS SMB-DS spoolss AddPrinter object call overflow attempt (netbios.rules)
11886 <-> NETBIOS SMB spoolss AddPrinter WriteAndX object call overflow attempt (netbios.rules)
11887 <-> NETBIOS SMB spoolss AddPrinter unicode object call overflow attempt (netbios.rules)
11888 <-> NETBIOS SMB-DS spoolss AddPrinter unicode object call overflow attempt (netbios.rules)
11889 <-> NETBIOS SMB spoolss AddPrinter object call overflow attempt (netbios.rules)
11890 <-> NETBIOS SMB spoolss AddPrinter WriteAndX unicode object call overflow attempt (netbios.rules)
11891 <-> NETBIOS SMB spoolss AddPrinter unicode little endian andx object call overflow attempt (netbios.rules)
11892 <-> NETBIOS SMB spoolss AddPrinter WriteAndX little endian andx object call overflow attempt (netbios.rules)
11893 <-> NETBIOS SMB spoolss AddPrinter WriteAndX unicode little endian andx object call overflow attempt (netbios.rules)
11894 <-> NETBIOS SMB-DS spoolss AddPrinter unicode little endian andx object call overflow attempt (netbios.rules)
11895 <-> NETBIOS SMB-DS spoolss AddPrinter little endian andx object call overflow attempt (netbios.rules)
11896 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX unicode andx object call overflow attempt (netbios.rules)
11897 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX little endian andx object call overflow attempt (netbios.rules)
11898 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX unicode little endian andx object call overflow attempt (netbios.rules)
11899 <-> NETBIOS SMB-DS v4 spoolss AddPrinter WriteAndX unicode andx overflow attempt (netbios.rules)
11900 <-> NETBIOS SMB spoolss AddPrinter unicode andx overflow attempt (netbios.rules)
11901 <-> NETBIOS SMB spoolss AddPrinter unicode little endian andx overflow attempt (netbios.rules)
11902 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX andx object call overflow attempt (netbios.rules)
11903 <-> NETBIOS SMB-DS v4 spoolss AddPrinter WriteAndX little endian andx overflow attempt (netbios.rules)
11904 <-> NETBIOS SMB-DS v4 spoolss AddPrinter andx overflow attempt (netbios.rules)
11905 <-> NETBIOS SMB spoolss AddPrinter little endian andx overflow attempt (netbios.rules)
11906 <-> NETBIOS SMB v4 spoolss AddPrinter WriteAndX unicode andx overflow attempt (netbios.rules)
11907 <-> NETBIOS SMB v4 spoolss AddPrinter unicode andx overflow attempt (netbios.rules)
11908 <-> NETBIOS SMB v4 spoolss AddPrinter WriteAndX andx overflow attempt (netbios.rules)
11909 <-> NETBIOS SMB v4 spoolss AddPrinter andx overflow attempt (netbios.rules)
11910 <-> NETBIOS SMB-DS v4 spoolss AddPrinter WriteAndX andx overflow attempt (netbios.rules)
11911 <-> NETBIOS SMB-DS v4 spoolss AddPrinter unicode andx overflow attempt (netbios.rules)
11912 <-> NETBIOS SMB-DS v4 spoolss AddPrinter little endian andx overflow attempt (netbios.rules)
11913 <-> NETBIOS SMB v4 spoolss AddPrinter WriteAndX little endian andx overflow attempt (netbios.rules)
11914 <-> NETBIOS SMB v4 spoolss AddPrinter little endian andx overflow attempt (netbios.rules)
11915 <-> NETBIOS SMB-DS v4 spoolss AddPrinter unicode little endian andx overflow attempt (netbios.rules)
11916 <-> NETBIOS SMB v4 spoolss AddPrinter WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11917 <-> NETBIOS SMB v4 spoolss AddPrinter unicode little endian andx overflow attempt (netbios.rules)
11918 <-> NETBIOS SMB-DS spoolss AddPrinter andx overflow attempt (netbios.rules)
11919 <-> NETBIOS SMB-DS v4 spoolss AddPrinter WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11920 <-> NETBIOS SMB spoolss AddPrinter WriteAndX andx overflow attempt (netbios.rules)
11921 <-> NETBIOS SMB spoolss AddPrinter andx overflow attempt (netbios.rules)
11922 <-> NETBIOS SMB-DS spoolss AddPrinter unicode andx overflow attempt (netbios.rules)
11923 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX andx overflow attempt (netbios.rules)
11924 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX unicode andx overflow attempt (netbios.rules)
11925 <-> NETBIOS SMB spoolss AddPrinter WriteAndX unicode andx overflow attempt (netbios.rules)
11926 <-> NETBIOS SMB-DS spoolss AddPrinter unicode little endian andx overflow attempt (netbios.rules)
11927 <-> NETBIOS SMB-DS spoolss AddPrinter little endian andx overflow attempt (netbios.rules)
11928 <-> NETBIOS SMB spoolss AddPrinter WriteAndX little endian andx overflow attempt (netbios.rules)
11929 <-> NETBIOS SMB spoolss AddPrinter WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11930 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX unicode little endian andx overflow attempt (netbios.rules)
11931 <-> NETBIOS SMB-DS spoolss AddPrinter WriteAndX little endian andx overflow attempt (netbios.rules)
11932 <-> NETBIOS SMB spoolss AddPrinter little endian andx object call overflow attempt (netbios.rules)
11933 <-> NETBIOS SMB-DS spoolss AddPrinter andx object call overflow attempt (netbios.rules)
11934 <-> NETBIOS SMB spoolss AddPrinter WriteAndX andx object call overflow attempt (netbios.rules)
11935 <-> NETBIOS SMB spoolss AddPrinter unicode andx object call overflow attempt (netbios.rules)
11936 <-> NETBIOS SMB-DS spoolss AddPrinter unicode andx object call overflow attempt (netbios.rules)
11937 <-> NETBIOS SMB spoolss AddPrinter andx object call overflow attempt (netbios.rules)
11938 <-> NETBIOS SMB spoolss AddPrinter WriteAndX unicode andx object call overflow attempt (netbios.rules)
11939 <-> WEB-CLIENT Westbyte Internet Download Accelerator ActiveX clsid unicode access (web-client.rules)
11940 <-> WEB-CLIENT Westbyte Internet Download Accelerator ActiveX function call access (web-client.rules)
11941 <-> WEB-CLIENT Westbyte Internet Download Accelerator ActiveX function call unicode access (web-client.rules)
11942 <-> WEB-CLIENT Westbyte internet download accelerator ActiveX clsid access (web-client.rules)
11943 <-> WEB-CLIENT HP ModemUtil ActiveX clsid access (web-client.rules)
11944 <-> WEB-CLIENT HP ModemUtil ActiveX clsid unicode access (web-client.rules)
11945 <-> NETBIOS SMB trans2open buffer overflow attempt (netbios.rules)
11946 <-> NETBIOS Datagram Service NetDDE attack (netbios.rules)
11947 <-> WEB-CLIENT Windows schannel security package (web-client.rules)

Updated rules:
10381 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A attempt (netbios.rules)
10382 <-> NETBIOS DCERPC DIRECT v4 svcctl ChangeServiceConfig2A attempt (netbios.rules)
10383 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10384 <-> NETBIOS DCERPC DIRECT v4 svcctl ChangeServiceConfig2A little endian attempt (netbios.rules)
10385 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A object call attempt (netbios.rules)
10386 <-> NETBIOS DCERPC DIRECT svcctl ChangeServiceConfig2A little endian object call attempt (netbios.rules)
10815 <-> NETBIOS DCERPC DIRECT dns R_DnssrvEnumRecords overflow attempt (netbios.rules)
10823 <-> NETBIOS DCERPC DIRECT dns R_DnssrvEnumRecords little endian object call overflow attempt (netbios.rules)
10853 <-> NETBIOS DCERPC DIRECT v4 dns R_DnssrvEnumRecords little endian overflow attempt (netbios.rules)
10859 <-> NETBIOS DCERPC DIRECT dns R_DnssrvEnumRecords object call overflow attempt (netbios.rules)
10895 <-> NETBIOS DCERPC DIRECT dns R_DnssrvEnumRecords little endian overflow attempt (netbios.rules)
10931 <-> NETBIOS DCERPC DIRECT v4 dns R_DnssrvEnumRecords overflow attempt (netbios.rules)
11826 <-> WEB-CLIENT Microsoft Voice Control ActiveX clsid access (web-client.rules)
11827 <-> WEB-CLIENT Microsoft Voice Control ActiveX clsid unicode access (web-client.rules)
11828 <-> WEB-CLIENT Microsoft Voice Control ActiveX function call access (web-client.rules)
11829 <-> WEB-CLIENT Microsoft Voice Control ActiveX function call unicode access (web-client.rules)
11830 <-> WEB-CLIENT Microsoft Direct Speech Recognition ActiveX clsid access (web-client.rules)
11831 <-> WEB-CLIENT Microsoft Direct Speech Recognition ActiveX clsid unicode access (web-client.rules)
11832 <-> WEB-CLIENT Microsoft Direct Speech Recognition ActiveX function call access (web-client.rules)
11833 <-> WEB-CLIENT Microsoft Direct Speech Recognition ActiveX function call unicode access (web-client.rules)
