This SRU number: 2017-09-06-001
Previous SRU number: 2017-09-05-001
Applies to:
This SEU number: 1731
Previous SEU: 1730
Applies to:
This is the complete list of rules added in SRU 2017-09-06-001 and SEU 1731.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State gives the state of each rule in the three default Sourcefire policies: Connectivity, Balanced, and Security.
The default passive policy state is the same as the Balanced policy state, except that alert is used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
|---|---|---|---|---|---|---|
| 1 | 44298 | SERVER-WEBAPP | AT&T U-verse modem command injection attempt | off | off | off |
| 1 | 44300 | SERVER-WEBAPP | AT&T U-verse modem authentication bypass attempt | off | off | off |
| 1 | 44302 | SERVER-WEBAPP | AT&T U-verse modem firmware upload attempt | off | off | off |
| 1 | 44303 | FILE-OFFICE | Microsoft PowerPoint CString atom overflow attempt | off | off | off |
| 1 | 44304 | FILE-OFFICE | Microsoft PowerPoint CString atom overflow attempt | off | off | off |
| 1 | 44305 | OS-WINDOWS | Microsoft DirectShow memory corruption attempt | off | off | off |
| 1 | 44306 | OS-WINDOWS | Microsoft DirectShow memory corruption attempt | off | off | off |
| 1 | 44307 | MALWARE-CNC | Win.Downloader.Razy variant outbound connection | off | drop | drop |
| 1 | 44310 | SERVER-WEBAPP | Oracle Secure Backup web tool command injection attempt | off | off | off |
| 1 | 44311 | SERVER-WEBAPP | Oracle Secure Backup web tool command injection attempt | off | off | off |
| 1 | 44312 | SERVER-WEBAPP | Oracle Secure Backup web tool command injection attempt | off | off | off |
| 1 | 44313 | MALWARE-CNC | Win.Downloader.Razy variant outbound connection | off | drop | drop |
| 1 | 44314 | MALWARE-CNC | Win.Trojan.Totbrick variant inbound connection attempt | off | drop | drop |
| 1 | 44315 | SERVER-WEBAPP | Java XML deserialization remote code execution attempt | off | drop | drop |
| 1 | 44316 | MALWARE-CNC | Win.Trojan.Ellell variant outbound connection attempt | off | drop | drop |
| GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
|---|---|---|---|---|---|---|
| 1 | 44299 | SERVER-WEBAPP | AT&T U-verse modem information disclosure attempt | off | off | off |
| 1 | 44301 | SERVER-WEBAPP | AT&T U-verse modem information disclosure attempt | off | off | off |
| 1 | 44308 | OS-LINUX | Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt | off | off | off |
| 1 | 44309 | OS-LINUX | Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt | off | off | off |