Sourcefire VRT Certified Rules Update

Date: 2005-03-16

The following is a list of new or modified rules included in this VRT Certified Ruleset.
List format: sid - message (rule group)

New rules:

3512 - ORACLE utl_file.fcopy directory traversal attempt (oracle.rules)
3513 - ORACLE utl_file.fopen_nchar directory traversal attempt (oracle.rules)
3514 - ORACLE utl_file.fopen directory traversal attempt (oracle.rules)
3515 - ORACLE utl_file.fremove directory traversal attempt (oracle.rules)
3516 - ORACLE utl_file.frename directory traversal attempt (oracle.rules)
3517 - EXPLOIT Computer Associates license PUTOLF overflow attempt (exploit.rules)
3518 - WEB-MISC MySQL MaxDB WebSQL wppassword buffer overflow (web-misc.rules)
3519 - WEB-MISC MySQL MaxDB WebSQL wppassword buffer overflow default port (web-misc.rules)
3520 - EXPLOIT Computer Associates license GCR NETWORK overflow attempt (exploit.rules)
3521 - EXPLOIT Computer Associates license GCR CHECKSUMS overflow attempt (exploit.rules)
3522 - EXPLOIT Computer Associates license GETCONFIG overflow attempt (exploit.rules)

Updated rules:

2657 - WEB-MISC SSLv2 Client_Hello with pad Challenge Length overflow attempt (web-misc.rules)