Sourcefire VRT Update

Date: 2006-03-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
5714 - SMTP x-unix-mode executable mail attachment (smtp.rules)
5715 - WEB-MISC malformed ipv6 uri overflow attempt (web-misc.rules)
5716 - NETBIOS SMB-DS Trans Max Param/Count DOS attempt (netbios.rules)
5717 - NETBIOS SMB-DS Trans unicode Max Param/Count DOS attempt (netbios.rules)
5718 - NETBIOS-DG SMB Trans Max Param/Count DOS attempt (netbios.rules)
5719 - NETBIOS-DG SMB Trans unicode Max Param/Count DOS attempt (netbios.rules)
5720 - NETBIOS SMB Trans Max Param/Count DOS attempt (netbios.rules)
5721 - NETBIOS SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
5722 - NETBIOS SMB-DS Trans andx Max Param/Count DOS attempt (netbios.rules)
5723 - NETBIOS SMB-DS Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
5724 - NETBIOS-DG SMB Trans andx Max Param/Count DOS attempt (netbios.rules)
5725 - NETBIOS-DG SMB Trans unicode andx Max Param/Count DOS attempt (netbios.rules)
5726 - NETBIOS SMB Trans andx Max Param/Count DOS attempt (netbios.rules)
5727 - NETBIOS SMB Trans unicode Max Param DOS attempt (netbios.rules)
5728 - NETBIOS SMB-DS Trans Max Param DOS attempt (netbios.rules)
5729 - NETBIOS-DG SMB Trans Max Param DOS attempt (netbios.rules)
5730 - NETBIOS SMB Trans Max Param DOS attempt (netbios.rules)
5731 - NETBIOS-DG SMB Trans unicode Max Param DOS attempt (netbios.rules)
5732 - NETBIOS SMB-DS Trans unicode Max Param DOS attempt (netbios.rules)
5733 - NETBIOS SMB Trans unicode andx Max Param DOS attempt (netbios.rules)
5734 - NETBIOS SMB-DS Trans andx Max Param DOS attempt (netbios.rules)
5735 - NETBIOS-DG SMB Trans andx Max Param DOS attempt (netbios.rules)
5736 - NETBIOS SMB Trans andx Max Param DOS attempt (netbios.rules)
5737 - NETBIOS-DG SMB Trans unicode andx Max Param DOS attempt (netbios.rules)
5738 - NETBIOS SMB-DS Trans unicode andx Max Param DOS attempt (netbios.rules)

Updated rules:
 337 - FTP CEL overflow attempt (ftp.rules)
1379 - FTP STAT overflow attempt (ftp.rules)
1529 - FTP SITE overflow attempt (ftp.rules)
1621 - FTP CMD overflow attempt (ftp.rules)
1624 - FTP PWD overflow attempt (ftp.rules)
1625 - FTP SYST overflow attempt (ftp.rules)
1734 - FTP USER overflow attempt (ftp.rules)
1792 - NNTP return code buffer overflow attempt (nntp.rules)
1919 - FTP CWD overflow attempt (ftp.rules)
1942 - FTP RMDIR overflow attempt (ftp.rules)
1972 - FTP PASS overflow attempt (ftp.rules)
1973 - FTP MKD overflow attempt (ftp.rules)
1974 - FTP REST overflow attempt (ftp.rules)
1975 - FTP DELE overflow attempt (ftp.rules)
1976 - FTP RMD overflow attempt (ftp.rules)
2101 - NETBIOS SMB Trans unicode Max Param/Count DOS attempt (netbios.rules)
2338 - FTP LIST buffer overflow attempt (ftp.rules)
2343 - FTP STOR overflow attempt (ftp.rules)
2344 - FTP XCWD overflow attempt (ftp.rules)
2373 - FTP XMKD overflow attempt (ftp.rules)
2374 - FTP NLST overflow attempt (ftp.rules)
2389 - FTP RNTO overflow attempt (ftp.rules)
2391 - FTP APPE overflow attempt (ftp.rules)
2392 - FTP RETR overflow attempt (ftp.rules)
2449 - FTP ALLO overflow attempt (ftp.rules)
2546 - FTP MDTM overflow attempt (ftp.rules)
3680 - P2P AOL Instant Messenger file send attempt (p2p.rules)
3681 - P2P AOL Instant Messenger file receive attempt (p2p.rules)
4990 - MS-SQL Heap-Based Overflow Attempt (sql.rules)
5316 - EXPLOIT CA CAM log_security overflow attempt (exploit.rules)