Cisco Vulnerability Database (VDB) Update for Sourcefire 3D System
Date: 2016-10-31
This VDB: 280
Previous VDB: 279
Sourcefire 3D System Version 4.10.x:
- Cisco FireSIGHT Management Centers (formerly Defense Center) and 3D Sensors
- 3D Sensor Software for Crossbeam X-Series
Sourcefire 3D System Version 5.x:
- Cisco FireSIGHT Management Centers (formerly Defense Center)
Supported Detector Types:
- service (4.10.x) and application protocol (5.x)
- client application (4.10.x) and client (5.x)
- payload (4.10.1 and any later 4.10.x release) and web application (5.x)
IMPORTANT! Some application protocol, client, and web application detectors are supported in Version 5.x only. This Advisory refers to these as FireSIGHT application detectors.
Download the VDB update and obtain update instructions from the Sourcefire Support Site at https://support.sourcefire.com. Note that the time it takes to update the VDB can vary. For more information, see the online help on your appliance or download the Sourcefire 3D System User Guide from the Support Site.
VDB Changelog:
from version 279 (7:29:15 PM on January 31st, 2017 UTC)
to version 280 (2:34:59 PM on March 23rd, 2017 UTC)
| Category | Total Added | Total Removed | Total Updated |
|---|---|---|---|
| Service (4.x) and Application Protocol (5.x) Detectors | 1 | 1 | 0 |
| Client Application (4.x) and Client (5.x) Detectors | 7 | 0 | 0 |
| Payload (4.x) and Web Application (5.x) Detectors | 12 | 5 | 0 |
| FireSIGHT Detector Updates (5.x) | 8 | 1 | 0 |
| Operating System Fingerprint Details | 3 | 0 | 7 |
| Operating System and Hardware Fingerprint Details (5.1.x) | 4 | 0 | 0 |
| Vulnerability References | 0 | 0 | 0 |
| Fingerprint References | 7 | 0 | 7 |
| File Type Detectors (5.2.x) | 0 | 0 | 0 |
Operating System Fingerprint Details:
- No additions or modifications.
Operating System and Hardware Fingerprint Details (5.1.x):
- Apple Mac OSX Mac OSX 10.12.1 (ID 130060) (added)
- Apple Mac OSX Mac OSX 10.12.2 (ID 130061) (added)
- Apple Mac OSX Mac OSX 10.12.3 (ID 130062) (added)
- Apple Mac OSX Mac_OSX 10.5, 10.6, 10.10.1, 10.10.2, 10.10.4, 10.10.5, 10.11, 10.11.1, 10.11.3, 10.12, 10.12.1, 10.12.2, 10.12.3 (ID 925) (updated)
- Microsoft Windows Vista, Server 2012, Server 2012 R2; Windows Phone Windows Phone 8.0 (ID 30043) (updated)
- Apple Mac OSX or iOS Mac_OSX 10.5,10.6,10.10,10.10.5,10.11,10.11.1,10.11.3,10.12,10.12.1,10.12.2,10.12.3 or iOS 8.0,8.0.2,8.1,8.1.1,8.1.2,8.1.3,8.2,8.3,8.4,8.4.1,9.0,9.0.1,9.0.2,9.1,9.2,9.2.1,9.3,9.3.1,9.3.2,9.3.3,9.3.4,10.0,10.1,10.2,10.2.1 (ID 30925) (updated)
- Microsoft Windows Vista, 7, Server 2008, 8, 10, Server 2012, Server 2012 R2; Windows Phone Windows Phone 7.5, 8.0 (ID 30932) (updated)
- Microsoft Windows Vista, 7, Server 2008, 8.1 (ID 30933) (updated)
- Apple iOS iOS 9.0,9.0.1, 9.0.2, 9.1, 9.2,9.3.3, 9.3.4, 10.0, 10.2, 10.2.1 (ID 60203) (updated)
- Apple Mac OSX Mac OSX 10.11, 10.12, 10.12.1, 10.12.2, 10.12.3 (ID 60204) (updated)
Service (4.x) and Application Protocol (5.x) Detectors:
- SOCKS: An Internet protocol that facilitates the routing of network packets between client-server applications via a proxy server. (added)
- QQ: Obsolete in all product versions (removed)
Client Application (4.x) and Client (5.x) Detectors:
- BitTorrent: A peer-to-peer file sharing protocol used for transferring large amounts of data. (added)
- LINE Media: Voice and Video calls between LINE users. (added)
- HIKE: Mobile App for Instant Messaging. (added)
- HIKE Media: Voice and Video calls between HIKE users. (added)
- NetBIOS-dgm: Netbios datagram service. (added)
- syslog: A standard for logging program messages. (added)
- Proxifier: Software that allows a host to route its internet traffic through an external proxy server. (added)
Payload (4.x) and Web Application (5.x) Detectors:
- Google Play: Google Play Store for Android applications. (added)
- HIKE: Mobile App for Instant Messaging. (added)
- LINE: Instant Messaging. (removed)
- Mail.Ru: Runet's free e-mail service. (added)
- Mail.ru Attachment: Attaching a file to an email on mail.ru. (added)
- Monster World: Monster gardening game. (removed)
- Ngrok: Multiplatform tunnelling, reverse proxy software. (added)
- Nico Nico Douga Video: Nico Nico Douga video streaming. (added)
- Outlook: Microsoft email service. (added)
- Paybill: Online secure payment and billing service. (added)
- Rdio: Music subscription service. (removed)
- Skype: A software application that allows users to chat, make voice/video calls, and transfer files over the Internet. (removed)
- Skype for Business: Microsoft instant messaging system, formerly known as Lync. (added)
- Speedtest: Test the download and upload speed of the internet. (added)
- uTorrent: BitTorrent client known for its lightweight and efficient design. (added)
- Windows Media Player: Microsoft application that plays files and streams, both audio and video. (added)
- Zootool: Bookmarking app with visual images. (removed)
FireSIGHT Detector Updates (5.x):
- Uber: Ride sharing application. (added)
- Telegram: Telegram is a messaging app with a focus on speed and security. (added)
- Mail.Ru: Runet's free e-mail service. (added)
- Shazam: Media Playing and sharing application. (added)
- Super Mario Run: Super Mario Run game for mobile devices. (added)
- Nintendo: Content delivery and web traffic from Nintendo, a Japanese company. (added)
- TwitchTV: Justin.tv gaming specific livestreaming platform. (added)
- Gothere: Navigation app for finding directions and places in Singapore. (added)
- Rdio: Music subscription service. (removed)
File Type Detector Details (5.2.x):
- No additions or modifications.
Snort ID Vulnerability Reference Details:
- No additions or modifications.
For assistance:
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information about Cisco ASA devices, see What's New in Cisco Product Documentation.
Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service. If you have any questions or require assistance with Cisco ASA devices, please contact Cisco Support:
- Note: To open a TAC request, you must first register for a Cisco.com user ID.
- Once you have a Cisco.com user ID, you may initiate or check on the status of a service request online or by contacting the TAC by phone:
- For additional information on obtaining technical support through the TAC, please consult the Technical Support Reference Guide (PDF - 1 MB)
About Talos:
The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. The team's expertise spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.