Sourcefire VRT Certified Rules Update

Date: 2005-11-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
4642 - ORACLE sys.pbsde.init buffer overflow attempt (oracle.rules)
4643 - WEB-CLIENT malformed windows shortcut file buffer overflow attempt (web-client.rules)
4644 - WEB-CLIENT malformed windows shortcut file with comment buffer overflow attempt (web-client.rules)
4645 - IMAP search format string attempt (imap.rules)
4646 - IMAP search literal format string attempt (imap.rules)
4647 - WEB-CLIENT internet explorer javascript onload denial of service attempt (web-client.rules)
4648 - WEB-CLIENT wang image admin activex object access (web-client.rules)
4649 - MYSQL CREATE FUNCTION buffer overflow attempt (mysql.rules)
4650 - WEB-MISC cacti graph_image.php access (web-misc.rules)
4651 - NETBIOS SMB NT Trans NT SET SECURITY DESC SACL overflow attempt (netbios.rules)
4652 - NETBIOS SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt (netbios.rules)
4653 - NETBIOS SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (netbios.rules)
4654 - NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (netbios.rules)
4655 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC SACL overflow attempt (netbios.rules)
4656 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC andx SACL overflow attempt (netbios.rules)
4657 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (netbios.rules)
4658 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (netbios.rules)
4659 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC SACL overflow attempt (netbios.rules)
4660 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt (netbios.rules)
4661 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (netbios.rules)
4662 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (netbios.rules)
4663 - NETBIOS SMB NT Trans NT SET SECURITY DESC DACL overflow attempt (netbios.rules)
4664 - NETBIOS SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt (netbios.rules)
4665 - NETBIOS SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (netbios.rules)
4666 - NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (netbios.rules)
4667 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC DACL overflow attempt (netbios.rules)
4668 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC andx DACL overflow attempt (netbios.rules)
4669 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (netbios.rules)
4670 - NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (netbios.rules)
4671 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC DACL overflow attempt (netbios.rules)
4672 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt (netbios.rules)
4673 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (netbios.rules)
4674 - NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (netbios.rules)
4675 - WEB-CLIENT Macromedia swf DOACTION tag overflow attempt (web-client.rules)
4676 - ORACLE enterprise manager application server control POST parameter overflow attempt (oracle.rules)
4677 - ORACLE enterprise manager application server control GET parameter overflow attempt (oracle.rules)
4678 - WEB-CLIENT quicktime movie file transfer (web-client.rules)
4679 - WEB-CLIENT quicktime movie file component name integer overflow multipacket attempt (web-client.rules)
4680 - WEB-CLIENT quicktime movie file component name integer overflow attempt (web-client.rules)

Updated rules:
 324 - FINGER null request (finger.rules)
 904 - WEB-COLDFUSION exampleapp application.cfm (web-coldfusion.rules)
 905 - WEB-COLDFUSION application.cfm access (web-coldfusion.rules)
 906 - WEB-COLDFUSION getfile.cfm access (web-coldfusion.rules)
1042 - WEB-IIS view source via translate header (web-iis.rules)
1600 - WEB-CGI htsearch arbitrary configuration file attempt (web-cgi.rules)
1973 - FTP MKD overflow attempt (ftp.rules)
2570 - WEB-MISC Invalid HTTP Version String (web-misc.rules)
3442 - DOS WIN32 TCP print service overflow attempt (dos.rules)
4143 - EXPLOIT lpd receive printer job cascade adaptor protocol request (exploit.rules)
4144 - EXPLOIT lpd Solaris unlink file attempt (exploit.rules)
4381 - NETBIOS SMB spoolss alter context attempt (netbios.rules)
4382 - NETBIOS SMB spoolss andx alter context attempt (netbios.rules)
4383 - NETBIOS SMB spoolss WriteAndX alter context attempt (netbios.rules)
4384 - NETBIOS SMB spoolss WriteAndX andx alter context attempt (netbios.rules)
4385 - NETBIOS SMB spoolss unicode alter context attempt (netbios.rules)
4386 - NETBIOS SMB spoolss WriteAndX unicode alter context attempt (netbios.rules)
4387 - NETBIOS SMB spoolss unicode andx alter context attempt (netbios.rules)
4388 - NETBIOS SMB spoolss WriteAndX unicode andx alter context attempt (netbios.rules)
4389 - NETBIOS SMB spoolss little endian alter context attempt (netbios.rules)
4390 - NETBIOS SMB spoolss WriteAndX little endian alter context attempt (netbios.rules)
4391 - NETBIOS SMB spoolss little endian andx alter context attempt (netbios.rules)
4392 - NETBIOS SMB spoolss WriteAndX little endian andx alter context attempt (netbios.rules)
4393 - NETBIOS SMB spoolss unicode little endian alter context attempt (netbios.rules)
4394 - NETBIOS SMB spoolss WriteAndX unicode little endian alter context attempt (netbios.rules)
4395 - NETBIOS SMB spoolss unicode little endian andx alter context attempt (netbios.rules)
4396 - NETBIOS SMB spoolss WriteAndX unicode little endian andx alter context attempt (netbios.rules)
4397 - NETBIOS SMB spoolss bind attempt (netbios.rules)
4398 - NETBIOS SMB spoolss andx bind attempt (netbios.rules)
4399 - NETBIOS SMB spoolss WriteAndX bind attempt (netbios.rules)
4400 - NETBIOS SMB spoolss WriteAndX andx bind attempt (netbios.rules)
4401 - NETBIOS SMB spoolss unicode bind attempt (netbios.rules)
4402 - NETBIOS SMB spoolss WriteAndX unicode bind attempt (netbios.rules)
4403 - NETBIOS SMB spoolss unicode andx bind attempt (netbios.rules)
4404 - NETBIOS SMB spoolss WriteAndX unicode andx bind attempt (netbios.rules)
4405 - NETBIOS SMB spoolss little endian bind attempt (netbios.rules)
4406 - NETBIOS SMB spoolss WriteAndX little endian bind attempt (netbios.rules)
4407 - NETBIOS SMB spoolss little endian andx bind attempt (netbios.rules)
4408 - NETBIOS SMB spoolss WriteAndX little endian andx bind attempt (netbios.rules)
4409 - NETBIOS SMB spoolss unicode little endian bind attempt (netbios.rules)
4410 - NETBIOS SMB spoolss WriteAndX unicode little endian bind attempt (netbios.rules)
4411 - NETBIOS SMB spoolss unicode little endian andx bind attempt (netbios.rules)
4412 - NETBIOS SMB spoolss WriteAndX unicode little endian andx bind attempt (netbios.rules)
4413 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX little endian andx overflow attempt (netbios.rules)
4414 - NETBIOS SMB spoolss AddPrinterEx little endian overflow attempt (netbios.rules)
4415 - NETBIOS SMB spoolss AddPrinterEx little endian andx overflow attempt (netbios.rules)
4416 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode little endian overflow attempt (netbios.rules)
4417 - NETBIOS SMB v4 spoolss AddPrinterEx unicode little endian overflow attempt (netbios.rules)
4418 - NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode little endian overflow attempt (netbios.rules)
4419 - NETBIOS SMB spoolss AddPrinterEx WriteAndX little endian overflow attempt (netbios.rules)
4420 - NETBIOS SMB v4 spoolss AddPrinterEx little endian andx overflow attempt (netbios.rules)
4421 - NETBIOS SMB spoolss AddPrinterEx unicode little endian overflow attempt (netbios.rules)
4422 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4423 - NETBIOS SMB spoolss AddPrinterEx unicode little endian andx overflow attempt (netbios.rules)
4424 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode andx overflow attempt (netbios.rules)
4425 - NETBIOS SMB v4 spoolss AddPrinterEx little endian overflow attempt (netbios.rules)
4426 - NETBIOS SMB v4 spoolss AddPrinterEx unicode little endian andx overflow attempt (netbios.rules)
4427 - NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4428 - NETBIOS SMB spoolss AddPrinterEx WriteAndX little endian andx overflow attempt (netbios.rules)
4429 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX little endian overflow attempt (netbios.rules)
4430 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX overflow attempt (netbios.rules)
4431 - NETBIOS SMB spoolss AddPrinterEx WriteAndX overflow attempt (netbios.rules)
4432 - NETBIOS SMB v4 spoolss AddPrinterEx unicode andx overflow attempt (netbios.rules)
4433 - NETBIOS SMB spoolss AddPrinterEx unicode andx overflow attempt (netbios.rules)
4434 - NETBIOS SMB v4 spoolss AddPrinterEx overflow attempt (netbios.rules)
4435 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX unicode overflow attempt (netbios.rules)
4436 - NETBIOS SMB v4 spoolss AddPrinterEx unicode overflow attempt (netbios.rules)
4437 - NETBIOS SMB v4 spoolss AddPrinterEx andx overflow attempt (netbios.rules)
4438 - NETBIOS SMB v4 spoolss AddPrinterEx WriteAndX andx overflow attempt (netbios.rules)
4439 - NETBIOS SMB spoolss AddPrinterEx overflow attempt (netbios.rules)
4440 - NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode overflow attempt (netbios.rules)
4441 - NETBIOS SMB spoolss AddPrinterEx andx overflow attempt (netbios.rules)
4442 - NETBIOS SMB spoolss AddPrinterEx WriteAndX andx overflow attempt (netbios.rules)
4443 - NETBIOS SMB spoolss AddPrinterEx unicode overflow attempt (netbios.rules)
4444 - NETBIOS SMB spoolss AddPrinterEx WriteAndX unicode andx overflow attempt (netbios.rules)
4445 - NETBIOS SMB-DS spoolss alter context attempt (netbios.rules)
4446 - NETBIOS SMB-DS spoolss andx alter context attempt (netbios.rules)
4447 - NETBIOS SMB-DS spoolss WriteAndX alter context attempt (netbios.rules)
4448 - NETBIOS SMB-DS spoolss WriteAndX andx alter context attempt (netbios.rules)
4449 - NETBIOS SMB-DS spoolss unicode alter context attempt (netbios.rules)
4450 - NETBIOS SMB-DS spoolss WriteAndX unicode alter context attempt (netbios.rules)
4451 - NETBIOS SMB-DS spoolss unicode andx alter context attempt (netbios.rules)
4452 - NETBIOS SMB-DS spoolss WriteAndX unicode andx alter context attempt (netbios.rules)
4453 - NETBIOS SMB-DS spoolss little endian alter context attempt (netbios.rules)
4454 - NETBIOS SMB-DS spoolss WriteAndX little endian alter context attempt (netbios.rules)
4455 - NETBIOS SMB-DS spoolss little endian andx alter context attempt (netbios.rules)
4456 - NETBIOS SMB-DS spoolss WriteAndX little endian andx alter context attempt (netbios.rules)
4457 - NETBIOS SMB-DS spoolss unicode little endian alter context attempt (netbios.rules)
4458 - NETBIOS SMB-DS spoolss WriteAndX unicode little endian alter context attempt (netbios.rules)
4459 - NETBIOS SMB-DS spoolss unicode little endian andx alter context attempt (netbios.rules)
4460 - NETBIOS SMB-DS spoolss WriteAndX unicode little endian andx alter context attempt (netbios.rules)
4461 - NETBIOS SMB-DS spoolss bind attempt (netbios.rules)
4462 - NETBIOS SMB-DS spoolss andx bind attempt (netbios.rules)
4463 - NETBIOS SMB-DS spoolss WriteAndX bind attempt (netbios.rules)
4464 - NETBIOS SMB-DS spoolss WriteAndX andx bind attempt (netbios.rules)
4465 - NETBIOS SMB-DS spoolss unicode bind attempt (netbios.rules)
4466 - NETBIOS SMB-DS spoolss WriteAndX unicode bind attempt (netbios.rules)
4467 - NETBIOS SMB-DS spoolss unicode andx bind attempt (netbios.rules)
4468 - NETBIOS SMB-DS spoolss WriteAndX unicode andx bind attempt (netbios.rules)
4469 - NETBIOS SMB-DS spoolss little endian bind attempt (netbios.rules)
4470 - NETBIOS SMB-DS spoolss WriteAndX little endian bind attempt (netbios.rules)
4471 - NETBIOS SMB-DS spoolss little endian andx bind attempt (netbios.rules)
4472 - NETBIOS SMB-DS spoolss WriteAndX little endian andx bind attempt (netbios.rules)
4473 - NETBIOS SMB-DS spoolss unicode little endian bind attempt (netbios.rules)
4474 - NETBIOS SMB-DS spoolss WriteAndX unicode little endian bind attempt (netbios.rules)
4475 - NETBIOS SMB-DS spoolss unicode little endian andx bind attempt (netbios.rules)
4476 - NETBIOS SMB-DS spoolss WriteAndX unicode little endian andx bind attempt (netbios.rules)
4477 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX little endian andx overflow attempt (netbios.rules)
4478 - NETBIOS SMB-DS spoolss AddPrinterEx little endian overflow attempt (netbios.rules)
4479 - NETBIOS SMB-DS spoolss AddPrinterEx little endian andx overflow attempt (netbios.rules)
4480 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode little endian overflow attempt (netbios.rules)
4481 - NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode little endian overflow attempt (netbios.rules)
4482 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode little endian overflow attempt (netbios.rules)
4483 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX little endian overflow attempt (netbios.rules)
4484 - NETBIOS SMB-DS v4 spoolss AddPrinterEx little endian andx overflow attempt (netbios.rules)
4485 - NETBIOS SMB-DS spoolss AddPrinterEx unicode little endian overflow attempt (netbios.rules)
4486 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4487 - NETBIOS SMB-DS spoolss AddPrinterEx unicode little endian andx overflow attempt (netbios.rules)
4488 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode andx overflow attempt (netbios.rules)
4489 - NETBIOS SMB-DS v4 spoolss AddPrinterEx little endian overflow attempt (netbios.rules)
4490 - NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode little endian andx overflow attempt (netbios.rules)
4491 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode little endian andx overflow attempt (netbios.rules)
4492 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX little endian andx overflow attempt (netbios.rules)
4493 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX little endian overflow attempt (netbios.rules)
4494 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX overflow attempt (netbios.rules)
4495 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX overflow attempt (netbios.rules)
4496 - NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode andx overflow attempt (netbios.rules)
4497 - NETBIOS SMB-DS spoolss AddPrinterEx unicode andx overflow attempt (netbios.rules)
4498 - NETBIOS SMB-DS v4 spoolss AddPrinterEx overflow attempt (netbios.rules)
4499 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX unicode overflow attempt (netbios.rules)
4500 - NETBIOS SMB-DS v4 spoolss AddPrinterEx unicode overflow attempt (netbios.rules)
4501 - NETBIOS SMB-DS v4 spoolss AddPrinterEx andx overflow attempt (netbios.rules)
4502 - NETBIOS SMB-DS v4 spoolss AddPrinterEx WriteAndX andx overflow attempt (netbios.rules)
4503 - NETBIOS SMB-DS spoolss AddPrinterEx overflow attempt (netbios.rules)
4504 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode overflow attempt (netbios.rules)
4505 - NETBIOS SMB-DS spoolss AddPrinterEx andx overflow attempt (netbios.rules)
4506 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX andx overflow attempt (netbios.rules)
4507 - NETBIOS SMB-DS spoolss AddPrinterEx unicode overflow attempt (netbios.rules)
4508 - NETBIOS SMB-DS spoolss AddPrinterEx WriteAndX unicode andx overflow attempt (netbios.rules)