Sourcefire VRT Rules Update

Date: 2008-04-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid <-> Message (rule group)

New rules:
13716 <-> RPC portmap CA BrightStor ARCserve tcp procedure 232 attempt (rpc.rules)
13717 <-> RPC portmap CA BrightStor ARCserve udp procedure 232 attempt (rpc.rules)
13719 <-> ORACLE database username buffer overflow (oracle.rules)

Updated rules:
3554 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm alter context attempt (netbios.rules)
3555 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm alter context attempt (netbios.rules)
3556 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm little endian alter context attempt (netbios.rules)
3557 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm little endian alter context attempt (netbios.rules)
3558 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm bind attempt (netbios.rules)
3559 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm bind attempt (netbios.rules)
3560 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm little endian bind attempt (netbios.rules)
3561 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm little endian bind attempt (netbios.rules)
3562 <-> DELETED NETBIOS SMB mqqm WriteAndX unicode andx bind attempt (deleted.rules)
3563 <-> DELETED NETBIOS SMB mqqm WriteAndX unicode bind attempt (deleted.rules)
3564 <-> DELETED NETBIOS SMB mqqm WriteAndX unicode little endian andx bind attempt (deleted.rules)
3565 <-> DELETED NETBIOS SMB mqqm WriteAndX unicode little endian bind attempt (deleted.rules)
3566 <-> DELETED NETBIOS SMB mqqm andx bind attempt (deleted.rules)
3567 <-> DELETED NETBIOS SMB mqqm bind attempt (deleted.rules)
3568 <-> DELETED NETBIOS SMB mqqm little endian andx bind attempt (deleted.rules)
3569 <-> DELETED NETBIOS SMB mqqm little endian bind attempt (deleted.rules)
3570 <-> DELETED NETBIOS SMB mqqm unicode andx bind attempt (deleted.rules)
3571 <-> DELETED NETBIOS SMB mqqm unicode bind attempt (deleted.rules)
3572 <-> DELETED NETBIOS SMB mqqm unicode little endian andx bind attempt (deleted.rules)
3573 <-> DELETED NETBIOS SMB mqqm unicode little endian bind attempt (deleted.rules)
3574 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX andx bind attempt (deleted.rules)
3575 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX bind attempt (deleted.rules)
3576 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX little endian andx bind attempt (deleted.rules)
3577 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX little endian bind attempt (deleted.rules)
3578 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX unicode andx bind attempt (deleted.rules)
3579 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX unicode bind attempt (deleted.rules)
3580 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX unicode little endian andx bind attempt (deleted.rules)
3581 <-> DELETED NETBIOS SMB-DS mqqm WriteAndX unicode little endian bind attempt (deleted.rules)
3582 <-> DELETED NETBIOS SMB-DS mqqm andx bind attempt (deleted.rules)
3583 <-> DELETED NETBIOS SMB-DS mqqm bind attempt (deleted.rules)
3584 <-> DELETED NETBIOS SMB-DS mqqm little endian andx bind attempt (deleted.rules)
3585 <-> DELETED NETBIOS SMB-DS mqqm little endian bind attempt (deleted.rules)
3586 <-> DELETED NETBIOS SMB-DS mqqm unicode andx bind attempt (deleted.rules)
3587 <-> DELETED NETBIOS SMB-DS mqqm unicode bind attempt (deleted.rules)
3588 <-> DELETED NETBIOS SMB-DS mqqm unicode little endian andx bind attempt (deleted.rules)
3589 <-> DELETED NETBIOS SMB-DS mqqm unicode little endian bind attempt (deleted.rules)
3590 <-> NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMDeleteObject overflow attempt (netbios.rules)
3591 <-> NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3592 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3593 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3594 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3595 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMDeleteObject overflow attempt (netbios.rules)
3596 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (netbios.rules)
3597 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (netbios.rules)
3598 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject little endian object call overflow attempt (netbios.rules)
3600 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject object call overflow attempt (netbios.rules)
3601 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject object call overflow attempt (netbios.rules)
3602 <-> DELETED NETBIOS SMB mqqm QMDeleteObject andx overflow attempt (deleted.rules)
3603 <-> DELETED NETBIOS SMB mqqm QMDeleteObject little endian andx overflow attempt (deleted.rules)
3604 <-> DELETED NETBIOS SMB mqqm QMDeleteObject little endian overflow attempt (deleted.rules)
3605 <-> DELETED NETBIOS SMB mqqm QMDeleteObject overflow attempt (deleted.rules)
3606 <-> DELETED NETBIOS SMB mqqm QMDeleteObject unicode andx overflow attempt (deleted.rules)
3607 <-> DELETED NETBIOS SMB mqqm QMDeleteObject unicode little endian andx overflow attempt (deleted.rules)
3608 <-> DELETED NETBIOS SMB mqqm QMDeleteObject unicode little endian overflow attempt (deleted.rules)
3609 <-> DELETED NETBIOS SMB mqqm QMDeleteObject unicode overflow attempt (deleted.rules)
3610 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX andx overflow attempt (deleted.rules)
3611 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX little endian andx overflow attempt (deleted.rules)
3612 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX little endian overflow attempt (deleted.rules)
3613 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX overflow attempt (deleted.rules)
3614 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode andx overflow attempt (deleted.rules)
3615 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode little endian andx overflow attempt (deleted.rules)
3616 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode little endian overflow attempt (deleted.rules)
3617 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject WriteAndX unicode overflow attempt (deleted.rules)
3618 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject andx overflow attempt (deleted.rules)
3619 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject little endian andx overflow attempt (deleted.rules)
3620 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject little endian overflow attempt (deleted.rules)
3621 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject overflow attempt (deleted.rules)
3622 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject unicode andx overflow attempt (deleted.rules)
3623 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject unicode little endian andx overflow attempt (deleted.rules)
3624 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject unicode little endian overflow attempt (deleted.rules)
3625 <-> DELETED NETBIOS SMB-DS mqqm QMDeleteObject unicode overflow attempt (deleted.rules)
7035 <-> NETBIOS SMB Trans mailslot heap overflow attempt (netbios.rules)
7036 <-> NETBIOS SMB Trans unicode mailslot heap overflow attempt (netbios.rules)
7037 <-> NETBIOS-DG SMB Trans mailslot heap overflow attempt (netbios.rules)
7038 <-> NETBIOS-DG SMB Trans unicode mailslot heap overflow attempt (netbios.rules)
7039 <-> NETBIOS SMB Trans andx mailslot heap overflow attempt (netbios.rules)
7040 <-> NETBIOS SMB Trans unicode andx mailslot heap overflow attempt (netbios.rules)
7041 <-> NETBIOS-DG SMB Trans andx mailslot heap overflow attempt (netbios.rules)
7042 <-> NETBIOS-DG SMB Trans unicode andx mailslot heap overflow attempt (netbios.rules)
7043 <-> DELETED NETBIOS SMB-DS Trans andx mailslot heap overflow attempt (deleted.rules)
7044 <-> DELETED NETBIOS SMB-DS Trans unicode andx mailslot heap overflow attempt (deleted.rules)
7045 <-> DELETED NETBIOS-DG SMB Trans andx mailslot heap overflow attempt (deleted.rules)
7046 <-> DELETED NETBIOS-DG SMB Trans unicode andx mailslot heap overflow attempt (deleted.rules)
11196 <-> EXPLOIT MaxDB WebDBM get buffer overflow (exploit.rules)
12619 <-> EXPLOIT Microsoft Exchange ical/vcal malformed property (exploit.rules)
12973 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm alter context attempt (netbios.rules)
12974 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm little endian alter context attempt (netbios.rules)
12975 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm bind attempt (netbios.rules)
12976 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm little endian bind attempt (netbios.rules)
12977 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal little endian overflow attempt (netbios.rules)
12978 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMCreateObjectInternal overflow attempt (netbios.rules)
12979 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMCreateObjectInternal little endian overflow attempt (netbios.rules)
12980 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt (netbios.rules)
12981 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal little endian object call overflow attempt (netbios.rules)
12982 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal object call overflow attempt (netbios.rules)
13210 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMObjectPathToObjectFormat little endian overflow attempt (netbios.rules)
13211 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules)
13212 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules)
13213 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat little endian overflow attempt (netbios.rules)
13214 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat object call overflow attempt (netbios.rules)
13215 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat little endian object call overflow attempt (netbios.rules)