Rule Update
17-057 (December 5, 2017)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008622 - Identified NTLMv1 Authentication Attempt Over SMB
1008660* - Microsoft Windows SMB Out-Of-Bounds Read Denial Of Service Vulnerability (CVE-2017-11781)
DNS Client
1002657* - DNS Insufficient Socket Entropy Vulnerability
1005020* - Detected Too Many DNS Responses With 'No Such Name' Error
1005101* - ISC BIND Zero Length RDATA Denial Of Service Vulnerability
1003928* - Oracle Secure Backup observiced.exe Buffer Overflow
DNS Server
1000836* - Microsoft Windows NAT Helper DNS Query DoS
1000167* - Snort Back Orifice Pre-Processor Buffer Overflow
HP Intelligent Management Center Dbman
1008749 - HPE Intelligent Management Center Dbman Stack Buffer Overflow Vulnerability (CVE-2017-8956)
HP Network Automation
1008676* - HPE Network Automation FileServlet Information Disclosure Vulnerability (CVE-2017-5811)
Mail Server Exim
1008758 - Exim Unix Mailer Multiple Security Vulnerabilities
SSL/TLS Server
1008534* - GnuTLS Proxy Certificate Information Extension Memory Corruption Vulnerability (CVE-2017-5334) - Server
Unix Kerberos
1008561* - Kerberos kadmind Policy Null Pointer Dereference Denial Of Service Vulnerability (CVE-2015-8630)
Web Application PHP Based
1008626* - Drupal Services Module Remote Code Execution Vulnerability
1008548* - PHP Session Data Injection Vulnerability (CVE-2016-7125)
Web Client Common
1008702 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2017-11816)
Web Client Internet Explorer/Edge
1008635* - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11763)
Web Server Miscellaneous
1008751 - Apache CouchDB Remote Code Execution Vulnerabilities (CVE-2017-12635)
1004610* - Oracle Java SE And Java For Business Remote Security Vulnerability (CVE-2010-4476)
1008763 - Red Hat JBoss Application Server 'doFilter' Insecure Deserialization Vulnerability (CVE-2017-12149)
Integrity Monitoring Rules:
1005195* - Microsoft Windows - Log File Attributes Changes Detected
1005193* - Unix - Log File Attributes Changes Detected
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1008622 - Identified NTLMv1 Authentication Attempt Over SMB
1008660* - Microsoft Windows SMB Out-Of-Bounds Read Denial Of Service Vulnerability (CVE-2017-11781)
DNS Client
1002657* - DNS Insufficient Socket Entropy Vulnerability
1005020* - Detected Too Many DNS Responses With 'No Such Name' Error
1005101* - ISC BIND Zero Length RDATA Denial Of Service Vulnerability
1003928* - Oracle Secure Backup observiced.exe Buffer Overflow
DNS Server
1000836* - Microsoft Windows NAT Helper DNS Query DoS
1000167* - Snort Back Orifice Pre-Processor Buffer Overflow
HP Intelligent Management Center Dbman
1008749 - HPE Intelligent Management Center Dbman Stack Buffer Overflow Vulnerability (CVE-2017-8956)
HP Network Automation
1008676* - HPE Network Automation FileServlet Information Disclosure Vulnerability (CVE-2017-5811)
Mail Server Exim
1008758 - Exim Unix Mailer Multiple Security Vulnerabilities
SSL/TLS Server
1008534* - GnuTLS Proxy Certificate Information Extension Memory Corruption Vulnerability (CVE-2017-5334) - Server
Unix Kerberos
1008561* - Kerberos kadmind Policy Null Pointer Dereference Denial Of Service Vulnerability (CVE-2015-8630)
Web Application PHP Based
1008626* - Drupal Services Module Remote Code Execution Vulnerability
1008548* - PHP Session Data Injection Vulnerability (CVE-2016-7125)
Web Client Common
1008702 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2017-11816)
Web Client Internet Explorer/Edge
1008635* - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11763)
Web Server Miscellaneous
1008751 - Apache CouchDB Remote Code Execution Vulnerabilities (CVE-2017-12635)
1004610* - Oracle Java SE And Java For Business Remote Security Vulnerability (CVE-2010-4476)
1008763 - Red Hat JBoss Application Server 'doFilter' Insecure Deserialization Vulnerability (CVE-2017-12149)
Integrity Monitoring Rules:
1005195* - Microsoft Windows - Log File Attributes Changes Detected
1005193* - Unix - Log File Attributes Changes Detected
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.