Sourcefire VRT Certified Rules Update
Date: 2005-05-18
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
3651 - EXPLOIT CVS rsh annotate revision overflow attempt (exploit.rules)
3652 - EXPLOIT CVS pserver annotate revision overflow attempt (exploit.rules)
3653 - SMTP SAML overflow attempt (smtp.rules)
3654 - SMTP SOML overflow attempt (smtp.rules)
3655 - SMTP SEND overflow attempt (smtp.rules)
3656 - SMTP MAIL overflow attempt (smtp.rules)
3657 - ORACLE ctxsys.driload attempt (oracle.rules)
3658 - EXPLOIT ARCserve backup universal agent option 1000 little endian buffer overflow attempt (exploit.rules)
3659 - EXPLOIT ARCserve backup universal agent option 1000 buffer overflow attempt (exploit.rules)
3660 - EXPLOIT ARCserve backup universal agent option 00 little endian buffer overflow attempt (exploit.rules)
3661 - EXPLOIT ARCserve backup universal agent option 00 buffer overflow attempt (exploit.rules)
3662 - EXPLOIT ARCserve backup universal agent option 03 little endian buffer overflow attempt (exploit.rules)
3663 - EXPLOIT ARCserve backup universal agent option 03 buffer overflow attempt (exploit.rules)
3664 - EXPLOIT PPTP echo request buffer overflow attempt (exploit.rules)

Updated rules:
1909 - RPC CMSD TCP CMSD_INSERT buffer overflow attempt (rpc.rules)
2515 - WEB-MISC PCT Client_Hello overflow attempt (web-misc.rules)
2516 - POP3 PCT Client_Hello overflow attempt (deleted.rules)
2517 - IMAP PCT Client_Hello overflow attempt (imap.rules)
2518 - POP3 PCT Client_Hello overflow attempt (pop3.rules)
2528 - SMTP PCT Client_Hello overflow attempt (smtp.rules)
3511 - SMTP PCT Client_Hello overflow attempt (smtp.rules)
3526 - ORACLE XDB FTP UNLOCK overflow attempt (oracle.rules)
