Sourcefire VRT Update
Date: 2006-07-13
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules: 7020 - WEB-CLIENT isComponentInstalled function call access (web-client.rules) 7021 - DOS linux kernel SCTP chunkless packet denial of service attempt (dos.rules) 7022 - WEB-CLIENT windows explorer invalid url file overflow attempt (web-client.rules) 7023 - WEB-CLIENT xls file download (web-client.rules) 7024 - WEB-CLIENT excel style handling overflow attempt (web-client.rules) 7025 - WEB-CLIENT excel url unicode overflow attempt (web-client.rules) 7026 - WEB-CLIENT RDS.Dataspace ActiveX function call access (web-client.rules) 7027 - WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules) 7028 - WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules) 7029 - WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules) 7030 - POLICY silc server response attempt (policy.rules) 7031 - POLICY silc client outbound connection attempt (policy.rules) 7032 - POLICY GoToMyPC startup (policy.rules) 7033 - POLICY GoToMyPC local service running (policy.rules) 7034 - POLICY GoToMyPC remote control attempt (policy.rules) 7035 - NETBIOS SMB Trans mailslot heap overflow attempt (netbios.rules) 7036 - NETBIOS SMB Trans unicode mailslot heap overflow attempt (netbios.rules) 7037 - NETBIOS SMB-DS Trans mailslot heap overflow attempt (netbios.rules) 7038 - NETBIOS SMB-DS Trans unicode mailslot heap overflow attempt (netbios.rules) 7039 - NETBIOS-DG SMB Trans mailslot heap overflow attempt (netbios.rules) 7040 - NETBIOS-DG SMB Trans unicode mailslot heap overflow attempt (netbios.rules) 7041 - NETBIOS SMB Trans andx mailslot heap overflow attempt (netbios.rules) 7042 - NETBIOS SMB Trans unicode andx mailslot heap overflow attempt (netbios.rules) 7043 - NETBIOS SMB-DS Trans andx mailslot heap overflow attempt (netbios.rules) 7044 - NETBIOS SMB-DS Trans unicode andx mailslot heap overflow attempt (netbios.rules) 7045 - NETBIOS-DG SMB Trans andx mailslot heap overflow attempt (netbios.rules) 7046 - NETBIOS-DG SMB Trans unicode andx mailslot heap overflow attempt (netbios.rules) 7047 - WEB-CLIENT excel object record overflow attempt (web-client.rules) 7048 - WEB-CLIENT excel object record overflow attempt (web-client.rules) Updated rules: 1801 - DELETED WEB-IIS .asp HTTP header buffer overflow attempt (deleted.rules) 5704 - IMAP SELECT overflow attempt (imap.rules) 7002 - WEB-CLIENT excel url unicode overflow attempt (web-client.rules)
