Sourcefire VRT Rules Update
Date: 2010-05-13
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8_6_0.
The format of the file is:
sid - Message (rule group, priority)
New rules:
16597 <-> SMTP Novell GroupWise Internet Agent Email address processing buffer overflow attempt (smtp.rules, High)

Updated rules:
2005 <-> RPC portmap kcms_server request UDP (rpc.rules, Medium)
2183 <-> SMTP Content-Transfer-Encoding overflow attempt (smtp.rules, High)
2255 <-> RPC sadmind query with root credentials attempt TCP (rpc.rules, Medium)
2401 <-> NETBIOS SMB Session Setup andx username overflow attempt (netbios.rules, Low)
2403 <-> NETBIOS SMB Session Setup unicode username overflow attempt (netbios.rules, Low)
3019 <-> NETBIOS SMB NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules, Low)
3021 <-> NETBIOS SMB NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules, Low)
3023 <-> NETBIOS SMB-DS NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules, Low)
3025 <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules, Low)
3027 <-> NETBIOS SMB NT Trans NT CREATE andx SACL overflow attempt (netbios.rules, Low)
3029 <-> NETBIOS SMB NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules, Low)
3031 <-> NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt (netbios.rules, Low)
3033 <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules, Low)
3035 <-> NETBIOS SMB NT Trans NT CREATE andx DACL overflow attempt (netbios.rules, Low)
3037 <-> NETBIOS SMB NT Trans NT CREATE unicode andx DACL overflow attempt (netbios.rules, Low)
3039 <-> NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt (netbios.rules, Low)
3461 <-> SMTP Content-Type overflow attempt (smtp.rules, High)
5677 <-> NETBIOS SMB Session Setup username overflow attempt (netbios.rules, Low)
5682 <-> NETBIOS SMB Session Setup unicode andx username overflow attempt (netbios.rules, Low)
9328 <-> SPECIFIC-THREATS zhangpo smtp propagation detection (specific-threats.rules, High)
11196 <-> EXPLOIT MaxDB WebDBM get buffer overflow (exploit.rules, High)
16291 <-> WEB-CLIENT Mozilla Network Security Services regexp heap overflow attempt (web-client.rules, High)
