Sourcefire VRT Certified Rules Update

Date: 2005-08-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
4126 - EXPLOIT Veritas Backup Exec root connection attempt using default password hash (exploit.rules)
4127 - EXPLOIT Novell eDirectory Server iMonitor overflow attempt (exploit.rules)
4128 - WEB-CGI 4DWebstar ShellExample.cgi information disclosure (web-cgi.rules)
4129 - EXPLOIT Novell ZenWorks Remote Management Agent large login packet DoS attempt (exploit.rules)
4130 - EXPLOIT Novell ZenWorks Remote Management Agent Buffer Overflow Attempt (exploit.rules)
4131 - EXPLOIT SHOUTcast URI format string attempt (exploit.rules)
4132 - WEB-CLIENT msdds clsid attempt (web-client.rules)
4133 - WEB-CLIENT devenum clsid attempt (web-client.rules)
4134 - WEB-CLIENT blnmgr clsid attempt (web-client.rules)
4135 - WEB-CLIENT IE JPEG heap overflow single packet attempt (web-client.rules)
4136 - WEB-CLIENT IE JPEG heap overflow multipacket attempt (web-client.rules)

Updated rules:
1652 - WEB-CGI campas attempt (web-cgi.rules)
2671 - WEB-CLIENT bitmap BitmapOffset integer overflow attempt (web-client.rules)
3192 - WEB-CLIENT Windows Media Player directory traversal via Content-Disposition attempt (web-client.rules)
3685 - WEB-CLIENT bitmap BitmapOffset multipacket integer overflow attempt (web-client.rules)