Sourcefire VRT Certified Rules Update

Date: 2005-04-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
3532 - FTP ORACLE password buffer overflow attempt (ftp.rules)
3533 - TELNET client LINEMODE SLC overflow attempt (telnet.rules)
3534 - WEB-CLIENT Mozilla GIF heap overflow (web-client.rules)
3535 - WEB-CLIENT GIF transfer (web-client.rules)
3536 - WEB-CLIENT Mozilla GIF multipacket heap overflow (web-client.rules)
3537 - TELNET client ENV OPT escape overflow attempt (telnet.rules)
3538 - EXPLOIT RADIUS registration MSID overflow attempt (exploit.rules)
3539 - EXPLOIT RADIUS MSID overflow attempt (exploit.rules)
3540 - EXPLOIT RADIUS registration vendor ATTR_TYPE_STR overflow attempt (exploit.rules)
3541 - EXPLOIT RADIUS ATTR_TYPE_STR overflow attempt (exploit.rules)
3542 - MS-SQL SA brute force login attempt (sql.rules)
3543 - MS-SQL SA brute force login attempt TDS v7/8 (sql.rules)
3544 - WEB-MISC TrackerCam ComGetLogFile.php3 directory traversal attempt (web-misc.rules)
3545 - WEB-MISC TrackerCam ComGetLogFile.php3 log information disclosure (web-misc.rules)
3546 - WEB-MISC TrackerCam User-Agent buffer overflow attempt (web-misc.rules)
3547 - WEB-MISC TrackerCam overly long php parameter overflow attempt (web-misc.rules)
3548 - WEB-MISC TrackerCam negative Content-Length attempt (web-misc.rules)

Updated rules:
1826 - WEB-MISC WEB-INF access (web-misc.rules)
2505 - WEB-MISC SSLv3 invalid data version attempt (deleted.rules)
3152 - MS-SQL sa brute force failed login attempt (sql.rules)
3273 - MS-SQL sa brute force failed login unicode attempt (sql.rules)