Sourcefire VRT Update

Date: 2007-04-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid <-> Message (rule group)

New rules:
10978 <-> WEB-CLIENT Second Sight Software ActiveGS ActiveX clsid access (web-client.rules)
10979 <-> WEB-CLIENT Second Sight Software ActiveGS ActiveX clsid unicode access (web-client.rules)
10980 <-> WEB-CLIENT Second Sight Software ActiveGS ActiveX function call access (web-client.rules)
10981 <-> WEB-CLIENT Second Sight Software ActiveGS ActiveX function call unicode access (web-client.rules)
10982 <-> WEB-CLIENT Second Sight Software ActiveMod ActiveX clsid access (web-client.rules)
10983 <-> WEB-CLIENT Second Sight Software ActiveMod ActiveX clsid unicode access (web-client.rules)
10984 <-> WEB-CLIENT Second Sight Software ActiveMod ActiveX function call access (web-client.rules)
10985 <-> WEB-CLIENT Second Sight Software ActiveMod ActiveX function call unicode access (web-client.rules)
10986 <-> WEB-CLIENT GraceNote CDDB ActiveX clsid access (web-client.rules)
10987 <-> WEB-CLIENT GraceNote CDDB ActiveX clsid unicode access (web-client.rules)
10988 <-> WEB-CLIENT GraceNote CDDB ActiveX function call access (web-client.rules)
10989 <-> WEB-CLIENT GraceNote CDDB ActiveX function call unicode access (web-client.rules)
10990 <-> WEB-MISC encoded cross site scripting HTML Image tag attempt (web-misc.rules)
10991 <-> WEB-CLIENT Microgaming Download Helper ActiveX clsid access (web-client.rules)
10992 <-> WEB-CLIENT Microgaming Download Helper ActiveX clsid unicode access (web-client.rules)
10993 <-> WEB-CLIENT Microgaming Download Helper ActiveX function call access (web-client.rules)
10994 <-> WEB-CLIENT Microgaming Download Helper ActiveX function call unicode access (web-client.rules)
10995 <-> SMTP possible BDAT DoS attempt (smtp.rules)
10996 <-> WEB-MISC SSLv3 Client_Hello request (web-misc.rules)
10997 <-> WEB-MISC SSLv3 SessionID overflow attempt (web-misc.rules)
10998 <-> EXPLOIT Novell GroupWise WebAccess authentication overflow (exploit.rules)
10999 <-> WEB-CGI chetcpasswd access (web-cgi.rules)
11000 <-> ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (oracle.rules)
11001 <-> ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (oracle.rules)
11002 <-> ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (oracle.rules)
11003 <-> ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (oracle.rules)
11004 <-> IMAP Lotus Domino CRAM-MD5 authentication method buffer overflow (imap.rules)
11005 <-> NETBIOS SMB rpcss alter context attempt (netbios.rules)
11006 <-> NETBIOS SMB rpcss unicode alter context attempt (netbios.rules)
11007 <-> NETBIOS SMB rpcss WriteAndX alter context attempt (netbios.rules)
11008 <-> NETBIOS SMB rpcss WriteAndX unicode alter context attempt (netbios.rules)
11009 <-> NETBIOS SMB-DS rpcss alter context attempt (netbios.rules)
11010 <-> NETBIOS SMB-DS rpcss WriteAndX alter context attempt (netbios.rules)
11011 <-> NETBIOS SMB-DS rpcss unicode alter context attempt (netbios.rules)
11012 <-> NETBIOS SMB-DS rpcss WriteAndX unicode alter context attempt (netbios.rules)
11013 <-> NETBIOS SMB rpcss little endian alter context attempt (netbios.rules)
11014 <-> NETBIOS SMB rpcss WriteAndX little endian alter context attempt (netbios.rules)
11015 <-> NETBIOS SMB rpcss unicode little endian alter context attempt (netbios.rules)
11016 <-> NETBIOS SMB rpcss WriteAndX unicode little endian alter context attempt (netbios.rules)
11017 <-> NETBIOS SMB-DS rpcss little endian alter context attempt (netbios.rules)
11018 <-> NETBIOS SMB-DS rpcss WriteAndX little endian alter context attempt (netbios.rules)
11019 <-> NETBIOS SMB-DS rpcss unicode little endian alter context attempt (netbios.rules)
11020 <-> NETBIOS SMB-DS rpcss WriteAndX unicode little endian alter context attempt (netbios.rules)
11021 <-> NETBIOS SMB rpcss bind attempt (netbios.rules)
11022 <-> NETBIOS SMB rpcss unicode bind attempt (netbios.rules)
11023 <-> NETBIOS SMB rpcss WriteAndX bind attempt (netbios.rules)
11024 <-> NETBIOS SMB rpcss WriteAndX unicode bind attempt (netbios.rules)
11025 <-> NETBIOS SMB-DS rpcss bind attempt (netbios.rules)
11026 <-> NETBIOS SMB-DS rpcss WriteAndX bind attempt (netbios.rules)
11027 <-> NETBIOS SMB-DS rpcss unicode bind attempt (netbios.rules)
11028 <-> NETBIOS SMB-DS rpcss WriteAndX unicode bind attempt (netbios.rules)
11029 <-> NETBIOS SMB rpcss little endian bind attempt (netbios.rules)
11030 <-> NETBIOS SMB rpcss WriteAndX little endian bind attempt (netbios.rules)
11031 <-> NETBIOS SMB rpcss unicode little endian bind attempt (netbios.rules)
11032 <-> NETBIOS SMB rpcss WriteAndX unicode little endian bind attempt (netbios.rules)
11033 <-> NETBIOS SMB-DS rpcss little endian bind attempt (netbios.rules)
11034 <-> NETBIOS SMB-DS rpcss WriteAndX little endian bind attempt (netbios.rules)
11035 <-> NETBIOS SMB-DS rpcss unicode little endian bind attempt (netbios.rules)
11036 <-> NETBIOS SMB-DS rpcss WriteAndX unicode little endian bind attempt (netbios.rules)
11037 <-> NETBIOS SMB rpcss andx alter context attempt (netbios.rules)
11038 <-> NETBIOS SMB rpcss unicode andx alter context attempt (netbios.rules)
11039 <-> NETBIOS SMB rpcss WriteAndX andx alter context attempt (netbios.rules)
11040 <-> NETBIOS SMB rpcss WriteAndX unicode andx alter context attempt (netbios.rules)
11041 <-> NETBIOS SMB-DS rpcss andx alter context attempt (netbios.rules)
11042 <-> NETBIOS SMB-DS rpcss WriteAndX andx alter context attempt (netbios.rules)
11043 <-> NETBIOS SMB-DS rpcss unicode andx alter context attempt (netbios.rules)
11044 <-> NETBIOS SMB-DS rpcss WriteAndX unicode andx alter context attempt (netbios.rules)
11045 <-> NETBIOS SMB rpcss little endian andx alter context attempt (netbios.rules)
11046 <-> NETBIOS SMB rpcss WriteAndX little endian andx alter context attempt (netbios.rules)
11047 <-> NETBIOS SMB rpcss unicode little endian andx alter context attempt (netbios.rules)
11048 <-> NETBIOS SMB rpcss WriteAndX unicode little endian andx alter context attempt (netbios.rules)
11049 <-> NETBIOS SMB-DS rpcss little endian andx alter context attempt (netbios.rules)
11050 <-> NETBIOS SMB-DS rpcss WriteAndX little endian andx alter context attempt (netbios.rules)
11051 <-> NETBIOS SMB-DS rpcss unicode little endian andx alter context attempt (netbios.rules)
11052 <-> NETBIOS SMB-DS rpcss WriteAndX unicode little endian andx alter context attempt (netbios.rules)
11053 <-> NETBIOS SMB rpcss andx bind attempt (netbios.rules)
11054 <-> NETBIOS SMB rpcss unicode andx bind attempt (netbios.rules)
11055 <-> NETBIOS SMB rpcss WriteAndX andx bind attempt (netbios.rules)
11056 <-> NETBIOS SMB rpcss WriteAndX unicode andx bind attempt (netbios.rules)
11057 <-> NETBIOS SMB-DS rpcss andx bind attempt (netbios.rules)
11058 <-> NETBIOS SMB-DS rpcss WriteAndX andx bind attempt (netbios.rules)
11059 <-> NETBIOS SMB-DS rpcss unicode andx bind attempt (netbios.rules)
11060 <-> NETBIOS SMB-DS rpcss WriteAndX unicode andx bind attempt (netbios.rules)
11061 <-> NETBIOS SMB rpcss little endian andx bind attempt (netbios.rules)
11062 <-> NETBIOS SMB rpcss WriteAndX little endian andx bind attempt (netbios.rules)
11063 <-> NETBIOS SMB rpcss unicode little endian andx bind attempt (netbios.rules)
11064 <-> NETBIOS SMB rpcss WriteAndX unicode little endian andx bind attempt (netbios.rules)
11065 <-> NETBIOS SMB-DS rpcss little endian andx bind attempt (netbios.rules)
11066 <-> NETBIOS SMB-DS rpcss WriteAndX little endian andx bind attempt (netbios.rules)
11067 <-> NETBIOS SMB-DS rpcss unicode little endian andx bind attempt (netbios.rules)
11068 <-> NETBIOS SMB-DS rpcss WriteAndX unicode little endian andx bind attempt (netbios.rules)
11069 <-> NETBIOS DCERPC NCACN-IP-TCP rpcss little endian alter context attempt (netbios.rules)
11070 <-> NETBIOS DCERPC NCACN-IP-TCP rpcss alter context attempt (netbios.rules)
11071 <-> NETBIOS DCERPC NCACN-IP-TCP rpcss little endian bind attempt (netbios.rules)
11072 <-> NETBIOS DCERPC NCACN-IP-TCP rpcss bind attempt (netbios.rules)
11073 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX unicode little endian attempt (netbios.rules)
11074 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject unicode little endian attempt (netbios.rules)
11075 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject unicode attempt (netbios.rules)
11076 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject WriteAndX attempt (netbios.rules)
11077 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject unicode attempt (netbios.rules)
11078 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject attempt (netbios.rules)
11079 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject little endian attempt (netbios.rules)
11080 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject WriteAndX unicode attempt (netbios.rules)
11081 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject attempt (netbios.rules)
11082 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject WriteAndX attempt (netbios.rules)
11083 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject unicode attempt (netbios.rules)
11084 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject WriteAndX unicode attempt (netbios.rules)
11085 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject attempt (netbios.rules)
11086 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX little endian attempt (netbios.rules)
11087 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX unicode attempt (netbios.rules)
11088 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject little endian attempt (netbios.rules)
11089 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject unicode little endian attempt (netbios.rules)
11090 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject WriteAndX unicode little endian attempt (netbios.rules)
11091 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject unicode little endian attempt (netbios.rules)
11092 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject little endian attempt (netbios.rules)
11093 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject WriteAndX unicode little endian attempt (netbios.rules)
11094 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX unicode attempt (netbios.rules)
11095 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX attempt (netbios.rules)
11096 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject WriteAndX little endian attempt (netbios.rules)
11097 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject WriteAndX little endian attempt (netbios.rules)
11098 <-> NETBIOS SMB rpcss _RemoteGetClassObject attempt (netbios.rules)
11099 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX attempt (netbios.rules)
11100 <-> NETBIOS SMB rpcss _RemoteGetClassObject unicode attempt (netbios.rules)
11101 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX unicode little endian attempt (netbios.rules)
11102 <-> NETBIOS SMB rpcss _RemoteGetClassObject little endian attempt (netbios.rules)
11103 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX little endian attempt (netbios.rules)
11104 <-> NETBIOS SMB rpcss _RemoteGetClassObject unicode little endian attempt (netbios.rules)
11105 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject object call attempt (netbios.rules)
11106 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX little endian object call attempt (netbios.rules)
11107 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX unicode object call attempt (netbios.rules)
11108 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject little endian object call attempt (netbios.rules)
11109 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject unicode little endian object call attempt (netbios.rules)
11110 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX unicode object call attempt (netbios.rules)
11111 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX object call attempt (netbios.rules)
11112 <-> NETBIOS SMB rpcss _RemoteGetClassObject object call attempt (netbios.rules)
11113 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX object call attempt (netbios.rules)
11114 <-> NETBIOS SMB rpcss _RemoteGetClassObject unicode object call attempt (netbios.rules)
11115 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX unicode little endian object call attempt (netbios.rules)
11116 <-> NETBIOS SMB rpcss _RemoteGetClassObject little endian object call attempt (netbios.rules)
11117 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX little endian object call attempt (netbios.rules)
11118 <-> NETBIOS SMB rpcss _RemoteGetClassObject unicode little endian object call attempt (netbios.rules)
11119 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX unicode little endian object call attempt (netbios.rules)
11120 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject unicode object call attempt (netbios.rules)
11121 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX unicode little endian andx attempt (netbios.rules)
11122 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject unicode little endian andx attempt (netbios.rules)
11123 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject unicode andx attempt (netbios.rules)
11124 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject WriteAndX andx attempt (netbios.rules)
11125 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject unicode andx attempt (netbios.rules)
11126 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject andx attempt (netbios.rules)
11127 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject little endian andx attempt (netbios.rules)
11128 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject WriteAndX unicode andx attempt (netbios.rules)
11129 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject andx attempt (netbios.rules)
11130 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject WriteAndX andx attempt (netbios.rules)
11131 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject unicode andx attempt (netbios.rules)
11132 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject WriteAndX unicode andx attempt (netbios.rules)
11133 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject andx attempt (netbios.rules)
11134 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX little endian andx attempt (netbios.rules)
11135 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX unicode andx attempt (netbios.rules)
11136 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject little endian andx attempt (netbios.rules)
11137 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject unicode little endian andx attempt (netbios.rules)
11138 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject WriteAndX unicode little endian andx attempt (netbios.rules)
11139 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject unicode little endian andx attempt (netbios.rules)
11140 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject little endian andx attempt (netbios.rules)
11141 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject WriteAndX unicode little endian andx attempt (netbios.rules)
11142 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX unicode andx attempt (netbios.rules)
11143 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX andx attempt (netbios.rules)
11144 <-> NETBIOS SMB v4 rpcss _RemoteGetClassObject WriteAndX little endian andx attempt (netbios.rules)
11145 <-> NETBIOS SMB-DS v4 rpcss _RemoteGetClassObject WriteAndX little endian andx attempt (netbios.rules)
11146 <-> NETBIOS SMB rpcss _RemoteGetClassObject andx attempt (netbios.rules)
11147 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX andx attempt (netbios.rules)
11148 <-> NETBIOS SMB rpcss _RemoteGetClassObject unicode andx attempt (netbios.rules)
11149 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX unicode little endian andx attempt (netbios.rules)
11150 <-> NETBIOS SMB rpcss _RemoteGetClassObject little endian andx attempt (netbios.rules)
11151 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX little endian andx attempt (netbios.rules)
11152 <-> NETBIOS SMB rpcss _RemoteGetClassObject unicode little endian andx attempt (netbios.rules)
11153 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject andx object call attempt (netbios.rules)
11154 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX little endian andx object call attempt (netbios.rules)
11155 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX unicode andx object call attempt (netbios.rules)
11156 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject little endian andx object call attempt (netbios.rules)
11157 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject unicode little endian andx object call attempt (netbios.rules)
11158 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX unicode andx object call attempt (netbios.rules)
11159 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX andx object call attempt (netbios.rules)
11160 <-> NETBIOS SMB rpcss _RemoteGetClassObject andx object call attempt (netbios.rules)
11161 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX andx object call attempt (netbios.rules)
11162 <-> NETBIOS SMB rpcss _RemoteGetClassObject unicode andx object call attempt (netbios.rules)
11163 <-> NETBIOS SMB rpcss _RemoteGetClassObject WriteAndX unicode little endian andx object call attempt (netbios.rules)
11164 <-> NETBIOS SMB rpcss _RemoteGetClassObject little endian andx object call attempt (netbios.rules)
11165 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX little endian andx object call attempt (netbios.rules)
11166 <-> NETBIOS SMB rpcss _RemoteGetClassObject unicode little endian andx object call attempt (netbios.rules)
11167 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject WriteAndX unicode little endian andx object call attempt (netbios.rules)
11168 <-> NETBIOS SMB-DS rpcss _RemoteGetClassObject unicode andx object call attempt (netbios.rules)
11169 <-> NETBIOS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject little endian attempt (netbios.rules)
11170 <-> NETBIOS DCERPC NCACN-IP-TCP v4 rpcss _RemoteGetClassObject attempt (netbios.rules)
11171 <-> NETBIOS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject attempt (netbios.rules)
11172 <-> NETBIOS DCERPC NCACN-IP-TCP v4 rpcss _RemoteGetClassObject little endian attempt (netbios.rules)
11173 <-> NETBIOS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject little endian object call attempt (netbios.rules)
11174 <-> NETBIOS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject object call attempt (netbios.rules)

Updated rules:
 984 <-> WEB-IIS JET VBA access (web-iis.rules)
 985 <-> WEB-IIS JET VBA access (web-iis.rules)
 995 <-> WEB-IIS ism.dll access (web-iis.rules)
1005 <-> WEB-IIS codebrowser SDK access (web-iis.rules)
7902 <-> WEB-CLIENT CDDBControlAOL.CDDBAOLControl ActiveX clsid access (web-client.rules)
7903 <-> WEB-CLIENT CDDBControlAOL.CDDBAOLControl ActiveX clsid unicode access (web-client.rules)
8084 <-> WEB-CGI CVSTrac filediff function access (web-cgi.rules)
10586 <-> NETBIOS SMB-DS v4 dns R_DnssrvUpdateRecord2 unicode overflow attempt (netbios.rules)