Sourcefire VRT Certified Rules Update

Date: 2005-03-09

The following is a list of new or modified rules included in this VRT Certified Ruleset.
List format: sid - message (rule group)

New rules:

3459 - P2P Manolito Search Query
3460 - FTP REST with numeric argument
3461 - SMTP Content-Type overflow attempt
3462 - SMTP Content-Encoding overflow attempt
3463 - WEB-CGI awstats access
3464 - WEB-CGI awstats.pl command execution attempt
3465 - WEB-CGI RiSearch show.pl proxy attempt
3466 - WEB-MISC Authorization Basic overflow attempt
3467 - WEB-MISC CISCO VoIP Portinformation access
3468 - WEB-CGI math_sum.mscgi access
3469 - WEB-CGI Ipswitch WhatsUp Gold dos attempt
3470 - WEB-CLIENT RealPlayer VIDORV30 header length buffer overflow
3471 - WEB-CLIENT iTunes playlist URL overflow attempt
3472 - EXPLOIT ARCserve discovery service overflow
3473 - WEB-CLIENT RealPlayer SMIL file overflow attempt
3474 - EXPLOIT ARCserve backup TCP slot info msg client name overflow
3475 - EXPLOIT ARCserve backup TCP slot info msg client domain overflow
3476 - EXPLOIT ARCserve backup TCP product info msg 0x9b client domain overflow
3477 - EXPLOIT ARCserve backup TCP product info msg 0x9b client name overflow
3478 - EXPLOIT ARCserve backup TCP product info msg 0x9c client domain overflow
3479 - EXPLOIT ARCserve backup TCP product info msg 0x9c client name overflow
3480 - EXPLOIT ARCserve backup UDP slot info msg client name overflow
3481 - EXPLOIT ARCserve backup UDP slot info msg client domain overflow
3482 - EXPLOIT ARCserve backup UDP product info msg 0x9b client name overflow
3483 - EXPLOIT ARCserve backup UDP product info msg 0x9b client domain overflow
3484 - EXPLOIT ARCserve backup UDP product info msg 0x9c client name overflow
3485 - EXPLOIT ARCserve backup UDP product info msg 0x9c client domain overflow
3486 - WEB-MISC SSLv3 invalid data version attempt
3487 - IMAP SSLv2 Client_Hello request
3488 - IMAP SSLv2 Client_Hello with pad request
3489 - IMAP TLSv1 Client_Hello request
3490 - IMAP TLSv1 Client_Hello via SSLv2 handshake request
3491 - IMAP SSLv2 Server_Hello request
3492 - IMAP TLSv1 Server_Hello request
3493 - SMTP SSLv2 Client_Hello request
3494 - SMTP SSLv2 Client_Hello with pad request
3495 - SMTP TLSv1 Client_Hello request
3496 - SMTP TLSv1 Client_Hello via SSLv2 handshake request
3497 - SMTP SSLv2 Server_Hello request
3498 - SMTP TLSv1 Server_Hello request
3499 - POP3 SSLv2 Client_Hello request
3500 - POP3 SSLv2 Client_Hello with pad request
3501 - POP3 TLSv1 Client_Hello request
3502 - POP3 TLSv1 Client_Hello via SSLv2 handshake request
3503 - POP3 SSLv2 Server_Hello request
3504 - POP3 TLSv1 Server_Hello request
3505 - POP3 SSLv2 Client_Hello request
3506 - POP3 SSLv2 Client_Hello with pad request
3507 - POP3 TLSv1 Client_Hello request
3508 - POP3 TLSv1 Client_Hello via SSLv2 handshake request
3509 - POP3 SSLv2 Server_Hello request
3510 - POP3 TLSv1 Server_Hello request
3511 - SMTP PCT Client_Hello overflow attempt

Updated rules:

1079 - WEB-MISC WebDAV propfind access
1663 - WEB-MISC *%0a.pl access
2497 - IMAP SSLv3 invalid data version attempt
2500 - POP3 SSLv3 invalid data version attempt
2501 - POP3 SSLv3 invalid timestamp attempt
2502 - POP3 SSLv3 invalid data version attempt
2504 - SMTP SSLv3 invalid data version attempt
2515 - WEB-MISC PCT Client_Hello overflow attempt
2516 - POP3 PCT Client_Hello overflow attempt
2517 - IMAP PCT Client_Hello overflow attempt
2518 - POP3 PCT Client_Hello overflow attempt
2520 - WEB-MISC SSLv3 Client_Hello request
2528 - SMTP PCT Client_Hello overflow attempt
2529 - IMAP SSLv3 Client_Hello request
2530 - IMAP SSLv3 Server_Hello request
2531 - IMAP SSLv3 invalid Client_Hello attempt
2532 - POP3 SSLv3 Client_Hello request
2534 - POP3 SSLv3 invalid Client_Hello attempt
2535 - POP3 SSLv3 Client_Hello request
2536 - POP3 SSLv3 Server_Hello request
2537 - POP3 SSLv3 invalid Client_Hello attempt
2542 - SMTP SSLv3 Client_Hello request
2543 - SMTP TLS SSLv3 Server_Hello request
2544 - SMTP SSLv3 invalid Client_Hello attempt
2656 - WEB-MISC SSLv2 Client_Hello Challenge Length overflow attempt
2657 - WEB-IMSC SSLv2 Client_Hello with pad Challenge Length overflow attempt
2658 - WEB-MISC SSLv2 Client_Hello request
2659 - WEB-MISC SSLv2 Client_Hello with pad request
2660 - WEB-MISC SSLv2 Server_Hello request
2661 - WEB-MISC TLSv1 Client_Hello request
2662 - WEB-MISC TLSv1 Server_Hello request
3059 - WEB-MISC TLSv1 Client_Hello via SSLv2 handshake request