Sourcefire VRT Certified Rules Update
Date: 2005-11-09
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules: 4642 - ORACLE sys.pbsde.init buffer overflow attempt (oracle.rules) 4643 - WEB-CLIENT malformed windows shortcut file buffer overflow attempt (web-client.rules) 4644 - WEB-CLIENT malformed windows shortcut file with comment buffer overflow attempt (web-client.rules) 4645 - IMAP search format string attempt (imap.rules) 4646 - IMAP search literal format string attempt (imap.rules) 4647 - WEB-CLIENT internet explorer javascript onload denial of service attempt (web-client.rules) 4648 - WEB-CLIENT wang image admin activex object access (web-client.rules) 4649 - MYSQL CREATE FUNCTION buffer overflow attempt (mysql.rules) 4650 - WEB-MISC cacti graph_image.php access (web-misc.rules) 4651 - NETBIOS SMB NT Trans NT SET SECURITY DESC SACL overflow attempt (netbios.rules) 4652 - NETBIOS SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt (netbios.rules) 4653 - NETBIOS SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (netbios.rules) 4654 - NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (netbios.rules) 4655 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC SACL overflow attempt (netbios.rules) 4656 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC andx SACL overflow attempt (netbios.rules) 4657 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (netbios.rules) 4658 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (netbios.rules) 4659 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC SACL overflow attempt (netbios.rules) 4660 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt (netbios.rules) 4661 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (netbios.rules) 4662 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (netbios.rules) 4663 - NETBIOS SMB NT Trans NT SET SECURITY DESC DACL overflow attempt (netbios.rules) 4664 - NETBIOS SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt (netbios.rules) 4665 - NETBIOS SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (netbios.rules) 4666 - NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (netbios.rules) 4667 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC DACL overflow attempt (netbios.rules) 4668 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC andx DACL overflow attempt (netbios.rules) 4669 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (netbios.rules) 4670 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (netbios.rules) 4671 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC DACL overflow attempt (netbios.rules) 4672 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt (netbios.rules) 4673 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (netbios.rules) 4674 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (netbios.rules) 4675 - WEB-CLIENT Macromedia swf DOACTION tag overflow attempt (web-client.rules) 4676 - ORACLE enterprise manager application server control POST parameter overflow attempt (oracle.rules) 4677 - ORACLE enterprise manager application server control GET parameter overflow attempt (oracle.rules) 4678 - WEB-CLIENT quicktime movie file transfer (web-client.rules) 4679 - WEB-CLIENT quicktime movie file component name integer overflow multipacket attempt (web-client.rules) 4680 - WEB-CLIENT quicktime movie file component name integer overflow attempt (web-client.rules) Updated rules: 324 - FINGER null request (finger.rules) 904 - WEB-COLDFUSION exampleapp application.cfm (web-coldfusion.rules) 905 - WEB-COLDFUSION application.cfm access (web-coldfusion.rules) 906 - WEB-COLDFUSION getfile.cfm access (web-coldfusion.rules) 1042 - WEB-IIS view source via translate header (web-iis.rules) 1600 - WEB-CGI htsearch arbitrary configuration file attempt (web-cgi.rules) 1973 - FTP MKD overflow attempt (ftp.rules) 2570 - WEB-MISC Invalid HTTP Version String (web-misc.rules) 3442 - DOS WIN32 TCP print service overflow attempt (dos.rules) 4143 - EXPLOIT lpd receive printer job cascade adaptor protocol request (exploit.rules) 4144 - EXPLOIT lpd Solaris unlink file attempt (exploit.rules) 4381 - NETBIOS SMB spoolss alter context attempt (netbios.rules) 4382 - NETBIOS SMB spoolss andx alter context attempt (netbios.rules) 4383 - NETBIOS SMB spoolss WriteAndX alter context attempt (netbios.rules) 4384 - NETBIOS SMB spoolss WriteAndX andx alter context attempt (netbios.rules) 4385 - NETBIOS SMB spoolss unicode alter context attempt (netbios.rules) 4386 - NETBIOS SMB spoolss WriteAndX unicode alter context attempt (netbios.rules) 4387 - NETBIOS SMB spoolss unicode andx alter context attempt (netbios.rules) 4388 - NETBIOS SMB spoolss WriteAndX unicode andx alter context attempt (netbios.rules) 4389 - NETBIOS SMB spoolss little endian alter context attempt (netbios.rules) 4390 - NETBIOS SMB spoolss WriteAndX little endian alter context attempt (netbios.rules) 4391 - NETBIOS SMB spoolss little endian andx alter context attempt (netbios.rules) 4392 - NETBIOS SMB spoolss WriteAndX little endian andx alter context attempt (netbios.rules) 4393 - NETBIOS SMB spoolss unicode little endian alter context attempt (netbios.rules) 4394 - NETBIOS SMB spoolss WriteAndX unicode little endian alter context attempt (netbios.rules) 4395 - NETBIOS SMB spoolss unicode little endian andx alter context attempt (netbios.rules) 4396 - NETBIOS SMB spoolss WriteAndX unicode little endian andx alter context attempt (netbios.rules) 4397 - NETBIOS SMB spoolss bind attempt (netbios.rules) 4398 - NETBIOS SMB spoolss andx bind attempt (netbios.rules) 4399 - NETBIOS SMB spoolss WriteAndX bind attempt (netbios.rules) 4400 - NETBIOS SMB spoolss WriteAndX andx bind attempt (netbios.rules) 4401 - NETBIOS SMB spoolss unicode bind attempt (netbios.rules) 4402 - NETBIOS SMB spoolss WriteAndX unicode bind attempt (netbios.rules) 4403 - NETBIOS SMB spoolss unicode andx bind attempt (netbios.rules) 4404 - NETBIOS SMB spoolss WriteAndX unicode andx bind attempt (netbios.rules) 4405 - NETBIOS SMB spoolss little endian bind attempt (netbios.rules) 4406 - NETBIOS SMB spoolss WriteAndX little endian bind attempt (netbios.rules) 4407 - NETBIOS SMB spoolss little endian andx bind attempt (netbios.rules) 4408 - NETBIOS SMB spoolss WriteAndX little endian andx bind attempt (netbios.rules) 4409 - NETBIOS SMB spoolss unicode little endian bind attempt (netbios.rules) 4410 - NETBIOS SMB spoolss WriteAndX unicode little endian bind attempt (netbios.rules) 4411 - NETBIOS SMB spoolss unicode little endian andx bind attempt (netbios.rules) 4412 - NETBIOS SMB spoolss WriteAndX unicode little endian andx bind attempt (netbios.rules) 4413 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX little endian andx overflow attempt (netbios.rules) 4414 - NETBIOS SMB spoolss AddPrinterEx little endian overflow attempt (netbios.rules) 4415 - NETBIOS SMB spoolss AddPrinterEx little endian andx overflow attempt (netbios.rules) 4416 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode little endian overflow attempt (netbios.rules) 4417 - NETBIOS SMB v4 spoolss AddPrinterEx unicode little endian overflow attempt (netbios.rules) 4418 - NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode little endian overflow attempt (netbios.rules) 4419 - NETBIOS SMB spoolss AddPrinterEx WriteAndX little endian overflow attempt (netbios.rules) 4420 - NETBIOS SMB v4 spoolss AddPrinterEx little endian andx overflow attempt (netbios.rules) 4421 - NETBIOS SMB spoolss AddPrinterEx unicode little endian overflow attempt (netbios.rules) 4422 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode little endian andx overflow attempt (netbios.rules) 4423 - NETBIOS SMB spoolss AddPrinterEx unicode little endian andx overflow attempt (netbios.rules) 4424 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode andx overflow attempt (netbios.rules) 4425 - NETBIOS SMB v4 spoolss AddPrinterEx little endian overflow attempt (netbios.rules) 4426 - NETBIOS SMB v4 spoolss AddPrinterEx unicode little endian andx overflow attempt (netbios.rules) 4427 - NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode little endian andx overflow attempt (netbios.rules) 4428 - NETBIOS SMB spoolss AddPrinterEx WriteAndX little endian andx overflow attempt (netbios.rules) 4429 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX little endian overflow attempt (netbios.rules) 4430 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX overflow attempt (netbios.rules) 4431 - NETBIOS SMB spoolss AddPrinterEx WriteAndX overflow attempt (netbios.rules) 4432 - NETBIOS SMB v4 spoolss AddPrinterEx unicode andx overflow attempt (netbios.rules) 4433 - NETBIOS SMB spoolss AddPrinterEx unicode andx overflow attempt (netbios.rules) 4434 - NETBIOS SMB v4 spoolss AddPrinterEx overflow attempt (netbios.rules) 4435 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode overflow attempt (netbios.rules) 4436 - NETBIOS SMB v4 spoolss AddPrinterEx unicode overflow attempt (netbios.rules) 4437 - NETBIOS SMB v4 spoolss AddPrinterEx andx overflow attempt (netbios.rules) 4438 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX andx overflow attempt (netbios.rules) 4439 - NETBIOS SMB spoolss AddPrinterEx overflow attempt (netbios.rules) 4440 - NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode overflow attempt (netbios.rules) 4441 - NETBIOS SMB spoolss AddPrinterEx andx overflow attempt (netbios.rules) 4442 - NETBIOS SMB spoolss AddPrinterEx WriteAndX andx overflow attempt (netbios.rules) 4443 - NETBIOS SMB spoolss AddPrinterEx unicode overflow attempt (netbios.rules) 4444 - NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode andx overflow attempt (netbios.rules) 4445 - NETBIOS SMB-DS spoolss alter context attempt (netbios.rules) 4446 - NETBIOS SMB-DS spoolss andx alter context attempt (netbios.rules) 4447 - NETBIOS SMB-DS spoolss WriteAndX alter context attempt (netbios.rules) 4448 - NETBIOS SMB-DS spoolss WriteAndX andx alter context attempt (netbios.rules) 4449 - NETBIOS SMB-DS spoolss unicode alter context attempt (netbios.rules) 4450 - NETBIOS SMB-DS spoolss WriteAndX unicode alter context attempt (netbios.rules) 4451 - NETBIOS SMB-DS spoolss unicode andx alter context attempt (netbios.rules) 4452 - NETBIOS SMB-DS spoolss WriteAndX unicode andx alter context attempt (netbios.rules) 4453 - NETBIOS SMB-DS spoolss little endian alter context attempt (netbios.rules) 4454 - NETBIOS SMB-DS spoolss WriteAndX little endian alter context attempt (netbios.rules) 4455 - NETBIOS SMB-DS spoolss little endian andx alter context attempt (netbios.rules) 4456 - NETBIOS SMB-DS spoolss WriteAndX little endian andx alter context attempt (netbios.rules) 4457 - NETBIOS SMB-DS spoolss unicode little endian alter context attempt (netbios.rules) 4458 - NETBIOS SMB-DS spoolss WriteAndX unicode little endian alter context attempt (netbios.rules) 4459 - NETBIOS SMB-DS spoolss unicode little endian andx alter context attempt (netbios.rules) 4460 - NETBIOS SMB-DS spoolss WriteAndX unicode little endian andx alter context attempt (netbios.rules) 4461 - NETBIOS SMB-DS spoolss bind attempt (netbios.rules) 4462 - NETBIOS SMB-DS spoolss andx bind attempt (netbios.rules) 4463 - NETBIOS SMB-DS spoolss WriteAndX bind attempt (netbios.rules) 4464 - NETBIOS SMB-DS spoolss WriteAndX andx bind attempt (netbios.rules) 4465 - NETBIOS SMB-DS spoolss unicode bind attempt (netbios.rules) 4466 - NETBIOS SMB-DS spoolss WriteAndX unicode bind attempt (netbios.rules) 4467 - NETBIOS SMB-DS spoolss unicode andx bind attempt (netbios.rules) 4468 - NETBIOS SMB-DS spoolss WriteAndX unicode andx bind attempt (netbios.rules) 4469 - NETBIOS SMB-DS spoolss little endian bind attempt (netbios.rules) 4470 - NETBIOS SMB-DS spoolss WriteAndX little endian bind attempt (netbios.rules) 4471 - NETBIOS SMB-DS spoolss little endian andx bind attempt (netbios.rules) 4472 - NETBIOS SMB-DS spoolss WriteAndX little endian andx bind attempt (netbios.rules) 4473 - NETBIOS SMB-DS spoolss unicode little endian bind attempt (netbios.rules) 4474 - NETBIOS SMB-DS spoolss WriteAndX unicode little endian bind attempt (netbios.rules) 4475 - NETBIOS SMB-DS spoolss unicode little endian andx bind attempt (netbios.rules) 4476 - NETBIOS SMB-DS spoolss WriteAndX unicode little endian andx bind attempt (netbios.rules) 4477 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX little endian andx overflow attempt (netbios.rules) 4478 - NETBIOS SMB-DS spoolss AddPrinterEx little endian overflow attempt (netbios.rules) 4479 - NETBIOS SMB-DS spoolss AddPrinterEx little endian andx overflow attempt (netbios.rules) 4480 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode little endian overflow attempt (netbios.rules) 4481 - NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode little endian overflow attempt (netbios.rules) 4482 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode little endian overflow attempt (netbios.rules) 4483 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX little endian overflow attempt (netbios.rules) 4484 - NETBIOS SMB-DS v4 spoolss AddPrinterEx little endian andx overflow attempt (netbios.rules) 4485 - NETBIOS SMB-DS spoolss AddPrinterEx unicode little endian overflow attempt (netbios.rules) 4486 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode little endian andx overflow attempt (netbios.rules) 4487 - NETBIOS SMB-DS spoolss AddPrinterEx unicode little endian andx overflow attempt (netbios.rules) 4488 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode andx overflow attempt (netbios.rules) 4489 - NETBIOS SMB-DS v4 spoolss AddPrinterEx little endian overflow attempt (netbios.rules) 4490 - NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode little endian andx overflow attempt (netbios.rules) 4491 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode little endian andx overflow attempt (netbios.rules) 4492 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX little endian andx overflow attempt (netbios.rules) 4493 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX little endian overflow attempt (netbios.rules) 4494 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX overflow attempt (netbios.rules) 4495 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX overflow attempt (netbios.rules) 4496 - NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode andx overflow attempt (netbios.rules) 4497 - NETBIOS SMB-DS spoolss AddPrinterEx unicode andx overflow attempt (netbios.rules) 4498 - NETBIOS SMB-DS v4 spoolss AddPrinterEx overflow attempt (netbios.rules) 4499 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode overflow attempt (netbios.rules) 4500 - NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode overflow attempt (netbios.rules) 4501 - NETBIOS SMB-DS v4 spoolss AddPrinterEx andx overflow attempt (netbios.rules) 4502 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX andx overflow attempt (netbios.rules) 4503 - NETBIOS SMB-DS spoolss AddPrinterEx overflow attempt (netbios.rules) 4504 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode overflow attempt (netbios.rules) 4505 - NETBIOS SMB-DS spoolss AddPrinterEx andx overflow attempt (netbios.rules) 4506 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX andx overflow attempt (netbios.rules) 4507 - NETBIOS SMB-DS spoolss AddPrinterEx unicode overflow attempt (netbios.rules) 4508 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode andx overflow attempt (netbios.rules)
