Sourcefire VRT Certified Rules Update

Date: 2005-06-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
3680 - P2P AOL Instant Messenger Message Send (p2p.rules)
3681 - P2P AOL Instant Messenger Message Receive (p2p.rules)
3682 - SMTP spoofed MIME-Type auto-execution attempt (smtp.rules)
3683 - WEB-CLIENT spoofed MIME-Type auto-execution attempt (web-client.rules)
3684 - WEB-CLIENT Bitmap Transfer (web-client.rules)
3685 - WEB-CLIENT bitmap BitmapOffset multipacket integer overflow attempt (web-client.rules)
3686 - WEB-CLIENT Internet Explorer Content Advisor attempted overflow (web-client.rules)
3687 - TELNET client ENV OPT USERVAR information disclosure (telnet.rules)
3688 - TELNET client ENV OPT VAR information disclosure (telnet.rules)
3689 - WEB-CLIENT Internet Explorer tRNS overflow attempt (web-client.rules)

Updated rules:
1842 - IMAP login buffer overflow attempt (imap.rules)
2382 - NETBIOS SMB Session Setup NTMLSSP asn1 overflow attempt (netbios.rules)
2383 - NETBIOS SMB-DS Session Setup NTMLSSP asn1 overflow attempt (netbios.rules)
2386 - WEB-IIS NTLM ASN.1 vulnerability scan attempt (web-iis.rules)
2586 - P2P eDonkey transfer (p2p.rules)
3000 - NETBIOS SMB Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules)
3001 - NETBIOS SMB Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules)
3002 - NETBIOS SMB Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules)
3003 - NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt (netbios.rules)
3004 - NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt (netbios.rules)
3005 - NETBIOS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt (netbios.rules)
3072 - IMAP status overflow attempt (imap.rules)