Sourcefire VRT Update

Date: 2006-04-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
5997 - WEB-MISC WinProxy overly long host header buffer overflow attempt (web-misc.rules)
5998 - P2P Skype client login startup (p2p.rules)
5999 - P2P Skype client login (p2p.rules)
6000 - P2P Skype client login startup (p2p.rules)
6001 - P2P Skype client login (p2p.rules)
6002 - WEB-CLIENT Microsoft DT DDS Rectilinear GDD Layout ActiveX Object Access (web-client.rules)
6003 - WEB-CLIENT Microsoft DT DDS Rectilinear GDD Route ActiveX Object Access (web-client.rules)
6004 - WEB-CLIENT Microsoft DT DDS Circular Auto Layout Logic 2 ActiveX Object Access (web-client.rules)
6005 - WEB-CLIENT Microsoft DT DDS Straight Line Routing Logic 2 ActiveX Object Access (web-client.rules)
6006 - WEB-CLIENT Microsoft DT Icon Control ActiveX Object Access (web-client.rules)
6007 - WEB-CLIENT Microsoft DT DDS OrgChart GDD Layout ActiveX Object Access (web-client.rules)
6008 - WEB-CLIENT Microsoft DT DDS OrgChart GDD Route ActiveX Object Access (web-client.rules)
6009 - WEB-CLIENT RDS.Dataspace ActiveX Object Access (web-client.rules)
6010 - EXPLOIT VERITAS NetBackup vnetd buffer overflow attempt (exploit.rules)
6011 - EXPLOIT VERITAS NetBackup vnetd buffer overflow attempt (exploit.rules)

Updated rules:
 159 - DELETED BACKDOOR NetMetro File List (deleted.rules)
2527 - SMTP STARTTLS attempt (smtp.rules)
3668 - MYSQL client authentication bypass attempt (mysql.rules)
5692 - P2P Skype client successful install (p2p.rules)
5693 - P2P Skype client start up get latest version attempt (p2p.rules)
5694 - P2P Skype client setup get newest version attempt (p2p.rules)