Sourcefire VRT Certified Rules Update
Date: 2005-08-18
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
4126 - EXPLOIT Veritas Backup Exec root connection attempt using default password hash (exploit.rules)
4127 - EXPLOIT Novell eDirectory Server iMonitor overflow attempt (exploit.rules)
4128 - WEB-CGI 4DWebstar ShellExample.cgi information disclosure (web-cgi.rules)
4129 - EXPLOIT Novell ZenWorks Remote Management Agent large login packet DoS attempt (exploit.rules)
4130 - EXPLOIT Novell ZenWorks Remote Management Agent Buffer Overflow Attempt (exploit.rules)
4131 - EXPLOIT SHOUTcast URI format string attempt (exploit.rules)
4132 - WEB-CLIENT msdds clsid attempt (web-client.rules)
4133 - WEB-CLIENT devenum clsid attempt (web-client.rules)
4134 - WEB-CLIENT blnmgr clsid attempt (web-client.rules)
4135 - WEB-CLIENT IE JPEG heap overflow single packet attempt (web-client.rules)
4136 - WEB-CLIENT IE JPEG heap overflow multipacket attempt (web-client.rules)

Updated rules:
1652 - WEB-CGI campas attempt (web-cgi.rules)
2671 - WEB-CLIENT bitmap BitmapOffset integer overflow attempt (web-client.rules)
3192 - WEB-CLIENT Windows Media Player directory traversal via Content-Disposition attempt (web-client.rules)
3685 - WEB-CLIENT bitmap BitmapOffset multipacket integer overflow attempt (web-client.rules)
