Rule Update
18-005 (January 16, 2018)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Arcserve Unified Data Protection
1008711 - Arcserve Unified Data Protection Management Service Information Disclosure Vulnerability (CVE-2015-4069)
DCERPC Services
1008327* - Identified Server Suspicious SMB Session
1008558* - Identified Windows Search Protocol Network Traffic Over SMB
1008380 - Microsoft Windows Group Policy Preferences Password Elevation Of Privilege Vulnerability (CVE-2014-1812)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008713 - Microsoft Windows SMB Server SMBv1 Information Disclosure Vulnerability (CVE-2017-11815)
1008560* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8620)
1000735* - Microsoft Windows Server Service Remote Code Execution
DCERPC Services - Client
1007592* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (CVE-2016-0160 and CVE-2016-0148)
Database Microsoft SQL
1008559 - Microsoft SQL Server Buffer Overflow Vulnerability (CVE-2008-0106)
Directory Server LDAP
1008459 - Samba NDR Parsing Remote Code Execution Vulnerability (CVE-2016-2123)
HP Intelligent Management Center (IMC)
1008748* - HPE Intelligent Management Center PLAT flexFileUpload Arbitrary File Upload Vulnerability (CVE-2017-8961)
1008686 - HPE Operations Orchestration Deserialization Remote Code Execution Vulnerability (CVE-2016-8519)
Microsoft Office
1008839 - Microsoft Office Memory Corruption Vulnerability (CVE-2018-0802)
NTP Client
1008632* - Identified Zero Origin Timestamp In NTP Traffic
NTP Server Linux
1008320* - Network Time Protocol Daemon 'peer_xmit' Mode Denial Of Service Vulnerability (CVE-2017-6464)
OpenSSL
1008715* - OpenSSL X.509 IPAddressFamily Extension Parsing Out-Of-Bounds Read Vulnerability (CVE-2017-3735) - Server
Oracle Tuxedo JOLT
1008798 - Oracle Tuxedo Jolt Heap Buffer Overflow Vulnerability (CVE-2017-10278)
RADIUS Server
1008614* - FreeRADIUS Heap Buffer Overflow Vulnerability (CVE-2017-10984)
SSL Client
1008714* - OpenSSL X.509 IPAddressFamily Extension Parsing Out-Of-Bounds Read Vulnerability (CVE-2017-3735) - Client
Symantec Messaging Gateway
1008741 - Symantec Messaging Gateway Remote Code Execution Vulnerability (CVE-2017-6326)
Trend Micro Control Manager
1008760 - Trend Micro Control Manager SQL Injection Vulnerability (CVE-2017-11383)
1008589 - Trend Micro Control Manager cmdHandlerLicenseManager SQL Injection Vulnerability (CVE-2017-11384)
Unix RPC Services
1008433* - Solaris Calendar Manager Service Daemon (rpc.cmsd) Remote Code Execution Vulnerability (CVE-2017-3632)
Unix Samba
1008644 - Samba Arbitrary File Write Vulnerability (CVE-2017-12163)
Web Application PHP Based
1008550* - PHP 'imagegammacorrect' Function Arbitrary Write Access vulnerability (CVE-2016-7127)
1008520* - PHP Malicious Object Injection In Deserialization Vulnerability (CVE-2016-7124)
1008562* - PHP libgd Signedness Heap Overflow Vulnerability (CVE-2016-3074)
Web Application Ruby Based
1008574* - Ruby On Rails Development Web Console Code Execution Vulnerability (CVE-2015-3224)
Web Client Common
1008736* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 6
1008738* - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-33)
1008726 - Foxit Reader Multiple Use-After-Free Remote Code Execution Vulnerabilities
1007931* - Microsoft Windows Information Disclosure Vulnerability (CVE-2016-3352)
1008828* - Speculative Execution Information Disclosure Vulnerabilities (Spectre)
Web Client Internet Explorer/Edge
1008836 - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2018-0767)
1008704* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11840)
1008706* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11873)
1008697* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11855)
Web Server Miscellaneous
1008794* - Apache Struts2 Jackson JSON Library Deserializer Remote Code Execution Vulnerability (CVE-2017-7525)
1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
1008674 - IBM Informix Open Admin Tool Remote Code Execution Vulnerability (CVE-2017-1092)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.