Sourcefire VRT Certified Rules Update

Date: 2005-05-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
3651 - EXPLOIT CVS rsh annotate revision overflow attempt (exploit.rules)
3652 - EXPLOIT CVS pserver annotate revision overflow attempt (exploit.rules)
3653 - SMTP SAML overflow attempt (smtp.rules)
3654 - SMTP SOML overflow attempt (smtp.rules)
3655 - SMTP SEND overflow attempt (smtp.rules)
3656 - SMTP MAIL overflow attempt (smtp.rules)
3657 - ORACLE ctxsys.driload attempt (oracle.rules)
3658 - EXPLOIT ARCserve backup universal agent option 1000 little endian buffer overflow attempt (exploit.rules)
3659 - EXPLOIT ARCserve backup universal agent option 1000 buffer overflow attempt (exploit.rules)
3660 - EXPLOIT ARCserve backup universal agent option 00 little endian buffer overflow attempt (exploit.rules)
3661 - EXPLOIT ARCserve backup universal agent option 00 buffer overflow attempt (exploit.rules)
3662 - EXPLOIT ARCserve backup universal agent option 03 little endian buffer overflow attempt (exploit.rules)
3663 - EXPLOIT ARCserve backup universal agent option 03 buffer overflow attempt (exploit.rules)
3664 - EXPLOIT PPTP echo request buffer overflow attempt (exploit.rules)

Updated rules:
1909 - RPC CMSD TCP CMSD_INSERT buffer overflow attempt (rpc.rules)
2515 - WEB-MISC PCT Client_Hello overflow attempt (web-misc.rules)
2516 - POP3 PCT Client_Hello overflow attempt (deleted.rules)
2517 - IMAP PCT Client_Hello overflow attempt (imap.rules)
2518 - POP3 PCT Client_Hello overflow attempt (pop3.rules)
2528 - SMTP PCT Client_Hello overflow attempt (smtp.rules)
3511 - SMTP PCT Client_Hello overflow attempt (smtp.rules)
3526 - ORACLE XDB FTP UNLOCK overflow attempt (oracle.rules)