Sourcefire VRT Certified Rules Update
Date: 2005-04-05
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules: 3532 - FTP ORACLE password buffer overflow attempt (ftp.rules) 3533 - TELNET client LINEMODE SLC overflow attempt (telnet.rules) 3534 - WEB-CLIENT Mozilla GIF heap overflow (web-client.rules) 3535 - WEB-CLIENT GIF transfer (web-client.rules) 3536 - WEB-CLIENT Mozilla GIF multipacket heap overflow (web-client.rules) 3537 - TELNET client ENV OPT escape overflow attempt (telnet.rules) 3538 - EXPLOIT RADIUS registration MSID overflow attempt (exploit.rules) 3539 - EXPLOIT RADIUS MSID overflow attempt (exploit.rules) 3540 - EXPLOIT RADIUS registration vendor ATTR_TYPE_STR overflow attempt (exploit.rules) 3541 - EXPLOIT RADIUS ATTR_TYPE_STR overflow attempt (exploit.rules) 3542 - MS-SQL SA brute force login attempt (sql.rules) 3543 - MS-SQL SA brute force login attempt TDS v7/8 (sql.rules) 3544 - WEB-MISC TrackerCam ComGetLogFile.php3 directory traversal attempt (web-misc.rules) 3545 - WEB-MISC TrackerCam ComGetLogFile.php3 log information disclosure (web-misc.rules) 3546 - WEB-MISC TrackerCam User-Agent buffer overflow attempt (web-misc.rules) 3547 - WEB-MISC TrackerCam overly long php parameter overflow attempt (web-misc.rules) 3548 - WEB-MISC TrackerCam negative Content-Length attempt (web-misc.rules) Updated rules: 1826 - WEB-MISC WEB-INF access (web-misc.rules) 2505 - WEB-MISC SSLv3 invalid data version attempt (deleted.rules) 3152 - MS-SQL sa brute force failed login attempt (sql.rules) 3273 - MS-SQL sa brute force failed login unicode attempt (sql.rules)
