Sourcefire VRT Certified Rules Update

Date: 2005-06-29

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
3690 - WEB-CGI Nucleus CMS action.php itemid SQL injection (web-cgi.rules)
3691 - CHAT Yahoo Messenger Message (chat.rules)
3692 - CHAT Yahoo Messenger File Transfer Initiation Request (chat.rules)
3693 - WEB-MISC IBM WebSphere j_security_check overflow attempt (web-misc.rules)
3694 - WEB-MISC Squid content length cache poisoning attempt (web-misc.rules)

Updated rules:
 272 - DOS IGMP dos attack (dos.rules)
 500 - MISC source route lssr (misc.rules)
 501 - MISC source route lssre (misc.rules)
 658 - SMTP exchange mime DOS (smtp.rules)
 661 - SMTP majordomo ifs (smtp.rules)
 939 - WEB-FRONTPAGE posting (web-frontpage.rules)
 978 - WEB-IIS ASP contents view (web-iis.rules)
 979 - WEB-IIS ASP contents view (web-iis.rules)
1007 - WEB-IIS cross-site scripting attempt (web-iis.rules)
1010 - WEB-IIS encoding access (web-iis.rules)
1019 - IIS Malformed Hit-Highlighting Argument File Access Attempt (web-iis.rules)
1021 - WEB-IIS ism.dll attempt (web-iis.rules)
1037 - WEB-IIS showcode.asp access (web-iis.rules)
1219 - WEB-CGI dfire.cgi access (web-cgi.rules)
1455 - WEB-CGI calendar.pl access (web-cgi.rules)
1507 - WEB-CGI alibaba.pl arbitrary command execution attempt (web-cgi.rules)
1725 - WEB-IIS +.htr code fragment attempt (web-iis.rules)
1847 - WEB-MISC webalizer access (web-misc.rules)
1911 - RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (rpc.rules)
1936 - POP3 AUTH overflow attempt (pop3.rules)
1970 - WEB-IIS MDAC Content-Type overflow attempt (web-iis.rules)
1991 - CHAT MSN login attempt (chat.rules)
2128 - WEB-CGI swsrv.cgi access (web-cgi.rules)
2338 - FTP LIST buffer overflow attempt (ftp.rules)
2456 - CHAT Yahoo Messenger File Transfer Receive Request (chat.rules)
2485 - WEB-CLIENT Norton antivirus sysmspam.dll load attempt (web-client.rules)
3218 - NETBIOS SMB OpenKey overflow attempt (netbios.rules)
3233 - NETBIOS SMB-DS OpenKey unicode little endian andx overflow attempt (netbios.rules)
3442 - DOS WIN32 TCP print service denial of service attempt (dos.rules)
3687 - TELNET client ENV OPT USERVAR information disclosure (telnet.rules)
3688 - TELNET client ENV OPT VAR information disclosure (telnet.rules)