Sourcefire VRT Rules Update

Date: 2010-05-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
16597 <-> SMTP Novell GroupWise Internet Agent Email address processing buffer overflow attempt (smtp.rules, High)

Updated rules:
2005 <-> RPC portmap kcms_server request UDP (rpc.rules, Medium)
2183 <-> SMTP Content-Transfer-Encoding overflow attempt (smtp.rules, High)
2255 <-> RPC sadmind query with root credentials attempt TCP (rpc.rules, Medium)
2401 <-> NETBIOS SMB Session Setup andx username overflow attempt (netbios.rules, Low)
2403 <-> NETBIOS SMB Session Setup unicode username overflow attempt (netbios.rules, Low)
3019 <-> NETBIOS SMB NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules, Low)
3021 <-> NETBIOS SMB NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules, Low)
3023 <-> NETBIOS SMB-DS NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules, Low)
3025 <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules, Low)
3027 <-> NETBIOS SMB NT Trans NT CREATE andx SACL overflow attempt (netbios.rules, Low)
3029 <-> NETBIOS SMB NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules, Low)
3031 <-> NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt (netbios.rules, Low)
3033 <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules, Low)
3035 <-> NETBIOS SMB NT Trans NT CREATE andx DACL overflow attempt (netbios.rules, Low)
3037 <-> NETBIOS SMB NT Trans NT CREATE unicode andx DACL overflow attempt (netbios.rules, Low)
3039 <-> NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt (netbios.rules, Low)
3461 <-> SMTP Content-Type overflow attempt (smtp.rules, High)
5677 <-> NETBIOS SMB Session Setup username overflow attempt (netbios.rules, Low)
5682 <-> NETBIOS SMB Session Setup unicode andx username overflow attempt (netbios.rules, Low)
11196 <-> EXPLOIT MaxDB WebDBM get buffer overflow (exploit.rules, High)
16291 <-> WEB-CLIENT Mozilla Network Security Services regexp heap overflow attempt (web-client.rules, High)