Sourcefire VRT Update

Date: 2007-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid <-> Message (rule group)

New rules:
10126 <-> DOS Microsoft IP Options denial of service (shared object rule)
10127 <-> WEB-CLIENT Quicktime JPEG Huffman Table integer underflow attempt (shared object rule)
10128 <-> WEB-CLIENT Aliplay ActiveX clsid access (web-client.rules)
10129 <-> WEB-CLIENT Aliplay ActiveX clsid unicode access (web-client.rules)
10130 <-> POLICY VERITAS NetBackup system execution function call access attempt (policy.rules)
10131 <-> WEB-CLIENT mozilla compareTo arbitrary code execution attempt (web-client.rules)
10132 <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules)
10133 <-> RPC portmap BrightStor ARCserve denial of service attempt (rpc.rules)
10134 <-> SPECIFIC-THREATS CA Brightstor discovery service buffer overflow attempt (specific-threats.rules)
10135 <-> DOS Squid proxy FTP denial of service attempt (dos.rules)

Updated rules:
2543 <-> SMTP SSLv3 Server_Hello request (smtp.rules)
3819 <-> WEB-CLIENT multipacket CHM file transfer start (web-client.rules)
4194 <-> WEB-CLIENT multipacket CBO CBL CBM file transfer start (web-client.rules)
6010 <-> EXPLOIT VERITAS NetBackup vnetd connection attempt (exploit.rules)
6404 <-> EXPLOIT Veritas NetBackup Volume Manager connection attempt (exploit.rules)
6469 <-> EXPLOIT RealVNC connection attempt (exploit.rules)
6470 <-> EXPLOIT RealVNC authentication types sent attempt (exploit.rules)
6517 <-> WEB-CLIENT DXImageTransform.Microsoft.Light ActiveX CLSID access (web-client.rules)
6681 <-> WEB-CLIENT Windows Media Transform Effects ActiveX CLSID access (web-client.rules)
6684 <-> WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect1Input ActiveX CLSID access (web-client.rules)
6686 <-> WEB-CLIENT DXImageTransform.Microsoft.MMSpecialEffect2Inputs ActiveX CLSID access (web-client.rules)
6688 <-> WEB-CLIENT PNG file transfer (web-client.rules)
7425 <-> WEB-CLIENT 9x8Resize ActiveX CLSID access (web-client.rules)
7427 <-> WEB-CLIENT Allocator Fix ActiveX CLSID access (web-client.rules)
7429 <-> WEB-CLIENT Bitmap ActiveX CLSID access (web-client.rules)
7431 <-> WEB-CLIENT DirectFrame.DirectControl.1 ActiveX CLSID access (web-client.rules)
7433 <-> WEB-CLIENT DirectX Transform Wrapper Property Page ActiveX CLSID access (web-client.rules)
7437 <-> WEB-CLIENT Frame Eater ActiveX CLSID access (web-client.rules)
7439 <-> WEB-CLIENT HTML Help ActiveX CLSID access (web-client.rules)
7442 <-> WEB-CLIENT mmAEPlugIn.AEPlugIn.1 ActiveX CLSID access (web-client.rules)
7444 <-> WEB-CLIENT Mmedia.AsyncMHandler.1 ActiveX CLSID access (web-client.rules)
7446 <-> WEB-CLIENT Record Queue ActiveX CLSID access (web-client.rules)
7450 <-> WEB-CLIENT Stetch ActiveX CLSID access (web-client.rules)
7452 <-> WEB-CLIENT WM Color Converter Filter ActiveX CLSID access (web-client.rules)
7454 <-> WEB-CLIENT Wmm2ae.dll ActiveX CLSID access (web-client.rules)
7456 <-> WEB-CLIENT Wmm2fxa.dll ActiveX CLSID access (web-client.rules)
7458 <-> WEB-CLIENT Wmm2fxb.dll ActiveX CLSID access (web-client.rules)
7460 <-> WEB-CLIENT WMT Audio Analyzer ActiveX CLSID access (web-client.rules)
7462 <-> WEB-CLIENT WMT Black Frame Generator ActiveX CLSID access (web-client.rules)
7464 <-> WEB-CLIENT WMT DeInterlace Filter ActiveX CLSID access (web-client.rules)
7466 <-> WEB-CLIENT WMT DeInterlace Prop Page ActiveX CLSID access (web-client.rules)
7468 <-> WEB-CLIENT WMT DirectX Transform Wrapper ActiveX CLSID access (web-client.rules)
7470 <-> WEB-CLIENT WMT DV Extract Filter ActiveX CLSID access (web-client.rules)
7472 <-> WEB-CLIENT WMT FormatConversion Prop Page ActiveX CLSID access (web-client.rules)
7474 <-> WEB-CLIENT WMT FormatConversion ActiveX CLSID access (web-client.rules)
7476 <-> WEB-CLIENT WMT Import Filter ActiveX CLSID access (web-client.rules)
7478 <-> WEB-CLIENT WMT Interlacer ActiveX CLSID access (web-client.rules)
7480 <-> WEB-CLIENT WMT Log Filter ActiveX CLSID access (web-client.rules)
7482 <-> WEB-CLIENT WMT MuxDeMux Filter ActiveX CLSID access (web-client.rules)
7484 <-> WEB-CLIENT WMT Sample Info Filter ActiveX CLSID access (web-client.rules)
7486 <-> WEB-CLIENT WMT Screen Capture Filter Task Page ActiveX CLSID access (web-client.rules)
7488 <-> WEB-CLIENT WMT Screen capture Filter ActiveX CLSID access (web-client.rules)
7490 <-> WEB-CLIENT WMT Switch Filter ActiveX CLSID access (web-client.rules)
7492 <-> WEB-CLIENT WMT Virtual Renderer ActiveX CLSID access (web-client.rules)
7494 <-> WEB-CLIENT WMT Virtual Source ActiveX CLSID access (web-client.rules)
7496 <-> WEB-CLIENT WMT Volume ActiveX CLSID access (web-client.rules)
7498 <-> WEB-CLIENT WM TV Out Smooth Picture Filter ActiveX CLSID access (web-client.rules)
7500 <-> WEB-CLIENT WM VIH2 Fix ActiveX CLSID access (web-client.rules)
9441 <-> NETBIOS DCERPC DIRECT v4 brightstor QSIGetQueuePath overflow attempt (netbios.rules)
9442 <-> NETBIOS DCERPC DIRECT brightstor QSIGetQueuePath little endian overflow attempt (netbios.rules)
9443 <-> NETBIOS DCERPC DIRECT v4 brightstor QSIGetQueuePath little endian overflow attempt (netbios.rules)
9444 <-> NETBIOS DCERPC DIRECT brightstor QSIGetQueuePath overflow attempt (netbios.rules)
9445 <-> NETBIOS DCERPC DIRECT brightstor QSIGetQueuePath little endian object call overflow attempt (netbios.rules)
9446 <-> NETBIOS DCERPC DIRECT brightstor QSIGetQueuePath object call overflow attempt (netbios.rules)
9823 <-> WEB-CLIENT QuickTime RTSP URI overflow attempt (web-client.rules)
10010 <-> EXPLOIT Putty Server key exchange buffer overflow attempt (exploit.rules)
10123 <-> SPECIFIC-THREATS PA168 Chipset Based IP Phone Default Password Attempt (specific-threats.rules)
10124 <-> SPECIFIC-THREATS PA168 Chipset Based IP Phone Authentication Bypass (specific-threats.rules)