Sourcefire VRT Update

Date: 2006-05-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
6404 - EXPLOIT Veritas NetBackup Volume Manager possible overflow connection attempt (exploit.rules)
6405 - EXPLOIT Veritas NetBackup Volume Manager overflow attempt (exploit.rules)
6406 - POLICY Gizmo VOIP client start-up version check (policy.rules)
6407 - POLICY Gizmo register VOIP state (policy.rules)
6408 - POLICY webshots desktop traffic (policy.rules)
6409 - WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
6410 - WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
6411 - WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
6412 - SMTP Windows Address Book attachment detected (smtp.rules)
6413 - SMTP Base64 encoded Windows Address Book attachment detected (smtp.rules)
6414 - WEB-MISC Novell GroupWise Messenger Accept-Language Header Buffer Overflow attempt (web-misc.rules)
6415 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian object call overflow attempt (netbios.rules)
6416 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW object call overflow attempt (netbios.rules)
6417 - NETBIOS DCERPC DIRECT msdtc BuildContextW object call overflow attempt (netbios.rules)
6418 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian object call overflow attempt (netbios.rules)
6419 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW little endian invalid uuid size attempt (netbios.rules)
6420 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW little endian invalid uuid size attempt (netbios.rules)
6421 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian invalid uuid size attempt (netbios.rules)
6422 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW invalid uuid size attempt (netbios.rules)
6423 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian invalid uuid size attempt (netbios.rules)
6424 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW invalid uuid size attempt (netbios.rules)
6425 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW invalid uuid size attempt (netbios.rules)
6426 - NETBIOS DCERPC DIRECT msdtc BuildContextW invalid uuid size attempt (netbios.rules)
6427 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian object call invalid uuid size attempt (netbios.rules)
6428 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian object call invalid uuid size attempt (netbios.rules)
6429 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW object call invalid uuid size attempt (netbios.rules)
6430 - NETBIOS DCERPC DIRECT msdtc BuildContextW object call invalid uuid size attempt (netbios.rules)
6431 - NETBIOS DCERPC DIRECT msdtc BuildContextW invalid second uuid size attempt (netbios.rules)
6432 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW invalid second uuid size attempt (netbios.rules)
6433 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW little endian invalid second uuid size attempt (netbios.rules)
6434 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian invalid second uuid size attempt (netbios.rules)
6435 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian invalid second uuid size attempt (netbios.rules)
6436 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW invalid second uuid size attempt (netbios.rules)
6437 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW little endian invalid second uuid size attempt (netbios.rules)
6438 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW invalid second uuid size attempt (netbios.rules)
6439 - NETBIOS DCERPC DIRECT msdtc BuildContextW object call invalid second uuid size attempt (netbios.rules)
6440 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian object call invalid second uuid size attempt (netbios.rules)
6441 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian object call invalid second uuid size attempt (netbios.rules)
6442 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW object call invalid second uuid size attempt (netbios.rules)
6443 - NETBIOS DCERPC DIRECT msdtc BuildContextW heap overflow attempt (netbios.rules)
6444 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian heap overflow attempt (netbios.rules)
6445 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW little endian heap overflow attempt (netbios.rules)
6446 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW little endian heap overflow attempt (netbios.rules)
6447 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW heap overflow attempt (netbios.rules)
6448 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian heap overflow attempt (netbios.rules)
6449 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW heap overflow attempt (netbios.rules)
6450 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW heap overflow attempt (netbios.rules)
6451 - NETBIOS DCERPC DIRECT msdtc BuildContextW object call heap overflow attempt (netbios.rules)
6452 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian object call heap overflow attempt (netbios.rules)
6453 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian object call heap overflow attempt (netbios.rules)
6454 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW object call heap overflow attempt (netbios.rules)
6455 - NETBIOS DCERPC DIRECT msdtc BuildContext heap overflow attempt (netbios.rules)
6456 - NETBIOS DCERPC DIRECT v4 msdtc BuildContext heap overflow attempt (netbios.rules)
6457 - NETBIOS DCERPC DIRECT msdtc BuildContext little endian heap overflow attempt (netbios.rules)
6458 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContext little endian heap overflow attempt (netbios.rules)
6459 - NETBIOS DCERPC DIRECT v4 msdtc BuildContext little endian heap overflow attempt (netbios.rules)
6460 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContext heap overflow attempt (netbios.rules)
6461 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContext heap overflow attempt (netbios.rules)
6462 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContext little endian heap overflow attempt (netbios.rules)
6463 - NETBIOS DCERPC DIRECT msdtc BuildContext object call heap overflow attempt (netbios.rules)
6464 - NETBIOS DCERPC DIRECT msdtc BuildContext little endian object call heap overflow attempt (netbios.rules)
6465 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContext object call heap overflow attempt (netbios.rules)
6466 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContext little endian object call heap overflow attempt (netbios.rules)

Updated rules:
2278 - WEB-MISC client negative Content-Length attempt (web-misc.rules)
4245 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW overflow attempt (netbios.rules)
4246 - NETBIOS DCERPC DIRECT msdtc BuildContextW little endian overflow attempt (netbios.rules)
4247 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW overflow attempt (netbios.rules)
4248 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW overflow attempt (netbios.rules)
4249 - NETBIOS DCERPC DIRECT v4 msdtc BuildContextW little endian overflow attempt (netbios.rules)
4250 - NETBIOS DCERPC DIRECT msdtc BuildContextW overflow attempt (netbios.rules)
4251 - NETBIOS DCERPC DIRECT-UDP msdtc BuildContextW little endian overflow attempt (netbios.rules)
4252 - NETBIOS DCERPC DIRECT-UDP v4 msdtc BuildContextW little endian overflow attempt (netbios.rules)
6228 - SPYWARE-PUT Adware exact.bargainbuddy runtime detection - disclaimer text (spyware-put.rules)