* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2017-06-29-001
Previous SRU number: 2017-06-27-001
Applies to:
This SEU number: 1702
Previous SEU: 1700
Applies to:
This is the complete list of rules added in SRU 2017-06-29-001 and SEU 1702.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 43359 | FILE-IMAGE | Microsoft GDI WMF file parsing integer overflow attempt | off | off | off |
| 1 | 43360 | FILE-IMAGE | Microsoft GDI WMF file parsing integer overflow attempt | off | off | off |
| 1 | 43361 | FILE-IMAGE | Microsoft GDI WMF file parsing integer overflow attempt | off | off | off |
| 1 | 43362 | FILE-IMAGE | Microsoft GDI WMF file parsing integer overflow attempt | off | off | off |
| 1 | 43365 | SERVER-WEBAPP | Wordpress Complete Gallery Manager arbitrary PHP file upload attempt | off | off | off |
| 1 | 43366 | SERVER-WEBAPP | Piwigo directory traversal attempt | off | off | drop |
| 1 | 43367 | BROWSER-FIREFOX | Mozilla Firefox XUL tree element code execution attempt | off | off | off |
| 1 | 43370 | NETBIOS | DCERPC possible wmi remote process launch | off | off | off |
| 1 | 43371 | BROWSER-PLUGINS | DivX Player DivXBrowserPlugin ActiveX clsid access attempt | off | off | off |
| 1 | 43372 | BROWSER-PLUGINS | DivX Player DivXBrowserPlugin ActiveX clsid access attempt | off | off | off |
| 1 | 43373 | BROWSER-PLUGINS | DivX Player DivXBrowserPlugin ActiveX clsid access attempt | off | off | off |
| 1 | 43374 | BROWSER-PLUGINS | DivX Player DivXBrowserPlugin ActiveX clsid access attempt | off | off | off |
| 1 | 43375 | BROWSER-PLUGINS | EB Design Pty Ltd ActiveX clsid access attempt | off | off | off |
| 1 | 43376 | BROWSER-PLUGINS | EB Design Pty Ltd ActiveX clsid access attempt | off | off | off |
| 1 | 43377 | BROWSER-PLUGINS | EB Design Pty Ltd ActiveX clsid access attempt | off | off | off |
| 1 | 43378 | BROWSER-PLUGINS | EB Design Pty Ltd ActiveX clsid access attempt | off | off | off |
| 1 | 43379 | SERVER-WEBAPP | CA ERwin Web Portal ProfileIconServlet directory traversal attempt | off | off | off |
| 1 | 43380 | OS-WINDOWS | Microsoft Windows MsMpEng custom apicall instruction use detected | off | drop | drop |
| 1 | 43381 | OS-WINDOWS | Microsoft Windows MsMpEng custom apicall instruction use detected | off | drop | drop |
| 1 | 43382 | FILE-FLASH | Adobe Flash Player AdvertisingMetadata use after free attempt | off | drop | drop |
| 1 | 43383 | FILE-FLASH | Adobe Flash Player AdvertisingMetadata use after free attempt | off | drop | drop |
| 1 | 43384 | INDICATOR-COMPROMISE | Wing FTP Server potentially malicious admin user creation attempt | off | off | off |
| 1 | 43385 | INDICATOR-COMPROMISE | Wing FTP Server potentially malicious admin user creation attempt | off | off | off |
| 1 | 43389 | INDICATOR-COMPROMISE | Symantec Endpoint Protection potential binary planting RCE attempt | off | off | off |
| 1 | 43391 | SERVER-WEBAPP | MySQL Commander remote file include attempt | off | off | off |
| 1 | 43392 | SERVER-WEBAPP | MySQL Commander remote file include attempt | off | off | off |
| 1 | 43393 | FILE-FLASH | Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt | off | drop | drop |
| 1 | 43394 | FILE-FLASH | Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt | off | drop | drop |
| 1 | 43395 | FILE-FLASH | Adobe Acrobat Reader profile use after free attempt | off | drop | drop |
| 1 | 43396 | FILE-FLASH | Adobe Acrobat Reader profile use after free attempt | off | drop | drop |
| 1 | 43397 | SERVER-OTHER | Proface GP-Pro EX EX-ED BeginPreRead stack buffer overflow attempt | off | off | off |
| 1 | 43398 | BROWSER-IE | Microsoft Internet Explorer clone object memory corruption attempt | off | off | off |
| 1 | 43399 | FILE-IMAGE | multiple products PNG processing buffer overflow attempt | off | off | off |
| 1 | 43400 | BROWSER-PLUGINS | IBM Lotus Quickr ActiveX stack buffer overflow ActiveX clsid access attempt | off | off | off |
| 1 | 43401 | BROWSER-PLUGINS | IBM Lotus Quickr ActiveX stack buffer overflow ActiveX clsid access attempt | off | off | off |
| 1 | 43402 | SERVER-WEBAPP | HP Intelligent Management Center directory traversal directory traversal attempt | off | off | drop |
| 1 | 43403 | SERVER-WEBAPP | HP Intelligent Management Center directory traversal directory traversal attempt | off | off | drop |
| 1 | 43404 | SERVER-WEBAPP | HP Intelligent Management Center directory traversal directory traversal attempt | off | off | drop |
| 1 | 43405 | FILE-FLASH | Adobe Flash Player determinePreferredLocales out of bounds memory read attempt | off | drop | drop |
| 1 | 43406 | FILE-FLASH | Adobe Flash Player determinePreferredLocales out of bounds memory read attempt | off | drop | drop |
| 1 | 43407 | POLICY-OTHER | MongoDB insert document attempt | off | off | off |
| 1 | 43408 | POLICY-OTHER | MongoDB query attempt | off | off | off |
| 1 | 43409 | POLICY-OTHER | MongoDB dropDatabase attempt | off | off | off |
| 1 | 43410 | FILE-FLASH | Adobe Flash Player DisplayObject use after free attempt | off | drop | drop |
| 1 | 43411 | FILE-FLASH | Adobe Flash Player DisplayObject use after free attempt | off | drop | drop |
| 1 | 43412 | FILE-FLASH | Adobe Flash Player DisplayObject use after free attempt | off | drop | drop |
| 1 | 43413 | FILE-FLASH | Adobe Flash Player DisplayObject use after free attempt | off | drop | drop |
| 1 | 43414 | FILE-FLASH | Adobe Flash Player DisplayObject use after free attempt | off | drop | drop |
| 1 | 43415 | FILE-FLASH | Adobe Flash Player DisplayObject use after free attempt | off | drop | drop |
| 1 | 43416 | FILE-FLASH | Adobe Flash Player BitmapData object out of bounds access attempt | off | drop | drop |
| 1 | 43417 | FILE-FLASH | Adobe Flash Player BitmapData object out of bounds access attempt | off | drop | drop |
| 1 | 43418 | FILE-FLASH | Adobe Flash Player BitmapData object out of bounds access attempt | off | drop | drop |
| 1 | 43419 | FILE-FLASH | Adobe Flash Player BitmapData object out of bounds access attempt | off | drop | drop |
| 1 | 43420 | FILE-FLASH | Adobe Flash Player custom toString function attempt | off | drop | drop |
| 1 | 43421 | FILE-FLASH | Adobe Flash Player custom toString function attempt | off | drop | drop |
| 1 | 43422 | DELETED | rfhewhf784rh7qrhq87rh2378ry228jpr8q8wjrq98wr8r | |||
| 1 | 43423 | DELETED | rfhewhf784rh7qrhq87rh2378ry228jpr8q8wjrq98wr8r | |||
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 43368 | FILE-OTHER | Compface xbm long declaration buffer overflow attempt | off | off | off |
| 1 | 43369 | FILE-OTHER | Compface xbm long declaration buffer overflow attempt | off | off | off |
| 1 | 43386 | OS-WINDOWS | Microsoft Windows MFT denial of service attempt | off | off | off |
| 1 | 43387 | OS-WINDOWS | Microsoft Windows MFT denial of service attempt | off | off | off |
| 1 | 43388 | OS-OTHER | Apple OSX CFNetwork HTTP response denial of service attempt | off | off | off |
| 1 | 43390 | SERVER-WEBAPP | Netgear Prosafe startup config information disclosure attempt | off | off | off |
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 43363 | FILE-IDENTIFY | Microsoft Windows Audio wmf file magic detected | off | off | off |
| 1 | 43364 | FILE-IDENTIFY | Microsoft Windows Audio wmf file magic detected | off | off | off |