Rule Update
18-007 (January 30, 2018)
Publish date: January 30, 2018
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Arcserve Unified Data Protection
1008711* - Arcserve Unified Data Protection Management Service Information Disclosure Vulnerability (CVE-2015-4069)
DCERPC Services
1008380* - Microsoft Windows Group Policy Preferences Password Elevation Of Privilege Vulnerability (CVE-2014-1812)
1008713* - Microsoft Windows SMB Server SMBv1 Information Disclosure Vulnerability (CVE-2017-11815)
1008560* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8620)
Database Microsoft SQL
1008559* - Microsoft SQL Server Buffer Overflow Vulnerability (CVE-2008-0106)
Directory Server LDAP
1008459* - Samba NDR Parsing Remote Code Execution Vulnerability (CVE-2016-2123)
HP Intelligent Management Center (IMC)
1008806* - HPE Intelligent Management Center FileUploadServlet Directory Traversal Vulnerability (CVE-2017-5794)
1008686* - HPE Operations Orchestration Deserialization Remote Code Execution Vulnerability (CVE-2016-8519)
Mail Server Exim
1008758* - Exim Unix Mailer Multiple Security Vulnerabilities
NFS Server
1008802 - Linux Kernel NFSv4 nfsd PNFS Denial Of Service Vulnerability (CVE-2017-8797)
Network Scanner
1008800 - Bypass Network Scanner Traffic
OpenSSL
1008715* - OpenSSL X.509 IPAddressFamily Extension Parsing Out-Of-Bounds Read Vulnerability (CVE-2017-3735) - Server
Oracle Tuxedo JOLT
1008798* - Oracle Tuxedo Jolt Heap Buffer Overflow Vulnerability (CVE-2017-10278)
1008845* - Oracle Tuxedo Remote Security Vulnerability (CVE-2017-10269)
Symantec Messaging Gateway
1008741* - Symantec Messaging Gateway Remote Code Execution Vulnerability (CVE-2017-6326)
Trend Micro Control Manager
1008760* - Trend Micro Control Manager SQL Injection Vulnerability (CVE-2017-11383)
1008589* - Trend Micro Control Manager cmdHandlerLicenseManager SQL Injection Vulnerability (CVE-2017-11384)
Unix Samba
1008644* - Samba Arbitrary File Write Vulnerability (CVE-2017-12163)
Web Server Common
1008724* - Trend Micro SafeSync For Enterprise 'device_id' 'role' Command Injection Vulnerability
1008723* - Trend Micro SafeSync For Enterprise Command Injection Vulnerability
Web Server Miscellaneous
1008747 - Adobe ColdFusion RMI Registry Insecure Deserialization (CVE-2017-11284)
1008673* - IBM Informix Open Admin Tool Heap Buffer Overflow Vulnerability (CVE-2017-1092)
1008674* - IBM Informix Open Admin Tool Remote Code Execution Vulnerability (CVE-2017-1092)
Web Server Oracle
1008808* - Oracle WebLogic WLS Security Component Remote Code Execution Vulnerabilities
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1002828* - Application - Secure Shell Daemon (SSHD)