Sourcefire VRT Certified Rules Update

Date: 2005-03-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
3441 - FTP PORT bounce attempt (ftp.rules)
3523 - FTP SITE INDEX format string attempt (ftp.rules)
3524 - EXPLOIT Computer Associates license invalid GCR CHECKSUMS attempt (exploit.rules)
3525 - EXPLOIT Computer Associates license invalid GCR NETWORK attempt (exploit.rules)
3526 - ORACLE XDB FTP UNLOCK overflow attempt (oracle.rules)
3527 - EXPLOIT Solaris LPD overflow attempt (exploit.rules)
3528 - MYSQL CREATE FUNCTION attempt (mysql.rules)
3529 - EXPLOIT Computer Associates license GETCONFIG client overflow attempt (exploit.rules)
3530 - EXPLOIT ARCserve backup UDP msg 0x99 client name overflow (exploit.rules)
3531 - EXPLOIT ARCserve backup UDP msg 0x99 client domain overflow (exploit.rules)

Updated rules:
 256 - DNS named authors attempt (dns.rules)
 257 - DNS named version attempt (dns.rules)
1435 - DNS named authors attempt (dns.rules)
1616 - DNS named version attempt (dns.rules)
3465 - WEB-CGI RiSearch show.pl proxy attempt (web-cgi.rules)
3466 - WEB-MISC Authorization Basic overflow attempt (web-misc.rules)
3469 - WEB-CGI Ipswitch WhatsUp Gold dos attempt (web-cgi.rules)
3481 - EXPLOIT ARCserve backup UDP slot info msg client domain overflow (exploit.rules)
3483 - EXPLOIT ARCserve backup UDP product info msg 0x9b client domain overflow (exploit.rules)
3485 - EXPLOIT ARCserve backup UDP product info msg 0x9c client domain overflow (exploit.rules)
3517 - EXPLOIT Computer Associates license PUTOLF overflow attempt (exploit.rules)
3520 - EXPLOIT Computer Associates license GCR NETWORK overflow attempt (exploit.rules)
3521 - EXPLOIT Computer Associates license GCR CHECKSUMS overflow attempt (exploit.rules)
3522 - EXPLOIT Computer Associates license GETCONFIG server overflow attempt (exploit.rules)