17-059 (December 19, 2017)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1008717 - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-11771)


DHCP Server
1008591* - FreeRADIUS Integer Underflow Out Of Bounds Read Vulnerability (CVE-2017-10986)


HP Intelligent Management Center Dbman
1008749* - HPE Intelligent Management Center Dbman Stack Buffer Overflow Vulnerability (CVE-2017-8956)


RRAS Service
1008769* - Microsoft Windows RRAS Service Remote Code Execution Vulnerability (CVE-2017-11885)


Remote Desktop Protocol Server
1008307* - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176)


Unix Samba
1008791* - Samba Arbitrary Code Execution Vulnerability (CVE-2017-14746)


Web Application PHP Based
1008550 - PHP 'imagegammacorrect' Function Arbitrary Write Access vulnerability (CVE-2016-7127)
1008562 - PHP libgd Signedness Heap Overflow Vulnerability (CVE-2016-3074)


Web Application Ruby Based
1008574 - Ruby On Rails Development Web Console Code Execution Vulnerability (CVE-2015-3224)


Web Client Common
1008583 - Foxit Reader Arbitrary File Write Remote Code Execution Vulnerability (CVE-2017-10952)
1008582 - Foxit Reader Remote Code Execution Vulnerability (CVE-2017-10951)


Web Server Miscellaneous
1008763* - Red Hat JBoss Application Server 'doFilter' Insecure Deserialization Vulnerability (CVE-2017-12149)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1008792 - Microsoft Windows Security Events - 4