Sourcefire 3D System Vulnerability Database (VDB) Update
Date: 2014-10-01
This VDB: 220
Previous VDB: 219
Sourcefire 3D System Version 4.10.x:
Defense Centers and 3D Sensors
3D Sensor Software for Crossbeam X-Series
Sourcefire 3D System Version 5.x:
Defense Centers
Supported Detector Types:
service (4.10.x) and application protocol (5.x)
client application (4.10.x) and client (5.x)
payload (any 4.10.x release including and above 4.10.1) and web application (5.x)
IMPORTANT! Some application protocol, client, and web application detectors are supported in Version 5.x only. This Advisory refers to these as FireSIGHT application detectors.
Download the VDB update and obtain update instructions from the Sourcefire Support Site at https://support.sourcefire.com. Note that the time it takes to update the VDB can vary. For more information, see the online help on your appliance or download the Sourcefire 3D System User Guide from the Support Site.
VDB Changelog:
from version 219 (6:12:55 PM on September 18th, 2014 UTC)
to version 220 (1:18:22 PM on September 24th, 2014 UTC)
Service (4.x) and Application Protocol (5.x) Detectors
Total Added: 0
Total Removed: 0
Total Updated: 0
Client Application (4.x) and Client (5.x) Detectors
Total Added: 0
Total Removed: 1
Total Updated: 0
Payload (4.x) and Web Application (5.x) Detectors
Total Added: 227
Total Removed: 3
Total Updated: 0
FireSIGHT Detector Updates (5.x)
Total Added: 10
Total Removed: 5
Total Modified: 0
Operating System Fingerprint Details
Total Added: 0
Total Removed: 0
Total Updated: 1
Operating System and Hardware Fingerprint Details (5.1.x)
Total Added: 2
Total Removed: 0
Total Updated: 0
Vulnerability References
Total Added: 0
Total Removed: 0
Total Updated: 0
Fingerprint References
Total Added: 2
Total Removed: 0
Total Updated: 1
File Type Detectors (5.2.x)
Total Added: 0
Total Removed: 0
Total Updated: 0
Operating System Fingerprint Details:
Apple Mac OSX or iOS Mac_OSX 10.5, 10.6 or iOS 8.0 (ID 30925) updated
Operating System and Hardware Fingerprint Details (5.1.x):
Apple iOS iOS 8.0 (ID 70152) added
Apple iOS iOS 8.0 (ID 70153) added
Service (4.x) and Application Protocol (5.x) Detectors:
No additions or modifications.
Client Application (4.x) and Client (5.x) Detectors:
Kazaa: Obsolete in all product versions. removed
Payload (4.x) and Web Application (5.x) Detectors:
3COM-TSMUX: 3COM-TSMUX Queuing service, registered with IANA on port 106 tcp/udp. added
914CG: Texas Instruments 914C/G terminal, registered with IANA on port 211 tcp/udp. added
ACA Services: DEC's Application Control Architecture services, registered with IANA on port 62 tcp/udp. added
ACI: Application Communication Interface, registered with IANA on port 187 tcp/udp. added
ACR-NEMA: A standard for handling, storing, printing, and transmitting medical imaging. Registered with IANA on port 104 tcp/udp. added
ActiveSync: Microsoft software that allows synchronization of data between handheld devices and desktop computers. added
AED512: AED 512 Emulation service, registered with IANA on port 149 tcp/udp. added
AFP: Apple Filing Protocol over tcp/udp. Registered with IANA on port 548 tcp/udp. added
Alias: Registered with IANA on port 1187 tcp/udp. added
ANET: Registered with IANA on port 212 tcp/udp. added
ANSA Notify: ANSA REX Notify, registered with IANA on port 116 tcp/udp. added
ANSA REX Trader: ANSA REX Trader, registered with IANA on port 124 tcp/udp. added
ANSI Z39.50: A client-server protocol for searching and retrieving information from remote computer databases. added
ARCISDMS: Registered with IANA on port 262 tcp/udp. added
Ariel: Infotrieve Ariel. Cloud-based system for converting and storing image scans as PDF. added
ARNS: A Remote Network Server system. Registered with IANA on port 384 tcp/udp. added
ASA: Registered with IANA on port 386 tcp/udp. added
Avocent: Registered with IANA on port 1078 tcp/udp. added
BFTP: Background File Transfer Program. added
BGMP: Border Gateway Multicast Protocol. added
BH611: Registered with IANA on port 354 tcp/udp. added
BHEVENT: Registered with IANA on port 357 tcp/udp. added
BHFHS: Registered with IANA on port 248 tcp/udp. added
BHMDS: Registered with IANA on port 310 tcp/udp. added
Blackjack: Registered with IANA on port 1025 tcp/udp. added
BlazeFS: Blaze File Server is a remote file sharing system designed specifically for Macs. added
Bnet: Registered with IANA on port 415 tcp/udp. added
Cableport AX: Registered with IANA on port 282 tcp/udp. added
CAP: Registered with IANA on port 1026 tcp/udp. added
Cisco DRP: Director Response Protocol enables Cisco's DistributedDirector product to query routers on a network for BGP route information. added
Cisco FNATIVE: Registered with IANA on port 130 tcp/udp. added
Cisco GDP: Gateway Discovery Protocol allows hosts to dynamically detect the arrival of new routers as well as determine when a router goes down. added
Cisco SLA: Monitors Service Level Agreements. added
Cisco SYSMAINT: Registered with IANA on port 132 tcp/udp. added
Cisco TNATIVE: Registered with IANA on port 131 tcp/udp. added
Citrix IMA: Independent Management Architecture protocol. Used for licensing and server load updates. added
Citrix Licensing: Citrix Licensing traffic. Registered with IANA on port 7279 tcp/udp. added
Citrix RTMP: Registered with IANA on port 2897 tcp/udp. added
Citrix SLG: Storage Link Gateway. Discovery and access to various storage services. added
CL1: Network Innovations CL/1, registered with IANA on port 172 tcp/udp. added
Clearcase: Software revision control system. added
CLOANTO: The cloanto.net infrastructure provides redundant hosting, email and telecommunications services. added
CMIP: Common Management Information Protocol. added
Coda Auth: Registered with IANA on port 370 tcp/udp. added
CompressNET: CompressNET is a commercial WAN compression/acceleration protocol. added
COMSCM: Registered with IANA on port 437 tcp/udp. added
DASP: This protocol is designed to provide an unordered, reliable, secure session for full-duplex datagram exchange that can be implemented for low power wireless networks and low cost devices. added
DATEX-ASN: A data communications protocol generally used to allow communication between highway traffic control devices. Registered with IANA on port 355 tcp/udp. added
dBase: An old database management system for microcomputers that run Unix and VMS. added
DCAP: An application layer protocol used between workstations and routers to transport SNA/NetBIOS traffic over TCP sessions. added
DCP: An application level protocol optimized for the integration, monitoring and control of devices on a network. Registered with IANA on port 93 tcp/udp. added
DEC Auth: Digital Equipment Corporation authentication protocol. Registered with IANA on port 316 tcp/udp. added
DEC LaDebug: Remote source code debugging protocol. added
DECVMS: Registered with IANA on port 441 tcp/udp. added
DIXIE: A lightweight directory assistance protocol, registered with IANA on port 96 tcp/udp. added
DLS: Directory Location Service, registered with IANA on port 197 tcp/udp. added
DNA-CML: Registered with IANA on port 436 tcp/udp. added
DNSIX: DNSIX stands for DODIIS (Department of Defense Intelligence Information System) Network Security Information Exchange. Network security protocols defined by the U.S. Defense Intelligence Agency. added
DPSI: Desktop Paging Software, Inc. Registered with IANA on port 315 tcp/udp. added
DSFGW: Registered with IANA on port 438 tcp/udp. added
DSP: Display Support Protocol. Registered with IANA on port 33 tcp/udp. added
DSP3270: Display Systems Protocol. Registered with IANA on port 246 tcp/udp. added
DTAG: Protocols developed by Deutsche Telekom AG. Registered with IANA on port 352 tcp/udp. added
EMBLNDT: Registered with IANA on port 394 tcp/udp. added
EMFIS Data: EMFIS Service, port 140 tcp/udp. added
EntrustTime: Time protocol for Entrust, Inc's security software. Registered with IANA on port 309 tcp/udp. added
ERPC: Encore Expedited Remote Procedure Call. added
ESRO: The Efficient Short Remote Operations service is a Remote Procedure Call service. added
Fatmen: Registered with IANA on port 347 tcp/udp. added
FileMaker: A cross-platform relational database application. added
FXP: File eXchange Protocol uses FTP to transfer data from one remote server to another without routing this data through the client's connection. added
GACP: Gateway Access Control Protocol, registered with IANA on port 190 tcp/udp. added
Genie: A network management/diagnostic protocol. added
GENRAD: Registered with IANA on port 176 tcp/udp. added
GIST: General Internet Signalling Transport. added
GPFS: IBM General Parallel File System is a high-performance shared-disk clustered file system. Registered with IANA on port 1191 tcp/udp. added
Groupwise: A messaging and collaborative software platform from Novell that supports email, calendaring, personal information management, instant messaging, and document management. added
HDAP: Microsoft HDA Protocol. added
Hidden Chronicles: Social hidden object game. removed
HiveStor: HiveStor Distributed File System. added
HP Perf: Performance Data Collector for HP OpenVMS. added
HP VMM: HP Virtual Machine Manager. added
Hyper-G: A publishing system designed to offer features more advanced than HTTP. added
IASD: Registered with IANA on port 432 tcp/udp. added
IBM App: IBM systems software. added
ICAD: A knowledge-based engineering system written in Lisp. added
ICP: Registered with IANA on port 1112 tcp/udp. added
IMGames: Registered with IANA on port 1077 tcp/udp. added
InfoSeek: A 90s-era internet search engine. added
IngresNET: Protocol that allows access to Ingres databases. added
IPP: Internet Printing Protocol. added
ISI Graphics: ISI Graphics Language. added
Jargon: Jargon protocol. added
KFTP: File Transfer Protocol with Kerberos authentication and encryption. added
KFTPDATA: File Transfer Protocol with Kerberos authentication and encryption. added
KIS: KIS Protocol. added
KNETCMP: KNET/VM Command/Message Protocol. added
Kryptolan: Registered with IANA on port 398 tcp/udp. added
Ktelnet: Telnet with Kerberos authentication and encryption. added
KVM: KVM (Keyboard/Video/Mouse) over IP Management Service. added
KWDB: Remote Kernel debugger communication. added
Legent: Protocols for legent-1, registered with IANA on port 373 tcp/udp, and legent-2, registered with IANA on port 374 tcp/udp. added
LINK: Registered with IANA on port 245 tcp/udp. added
LLMNR: Link-local Multicast Name Resolution. Used by Windows for local name resolution. added
Locus Map: Registered with IANA on port 125 tcp/udp. added
Magenta Logic: Registered with IANA on port 313 tcp/udp. added
MAILQ: Registered with IANA on port 174 tcp/udp. added
Masqudialer: The masqudialer system allows authorized LAN users to manipulate the network interface, usually a modem, that gives Internet access on a Linux box without having to use Telnet. added
MATIP: Airline reservation, ticketing, and messaging system. added
MC-FTP: Multicast File Transfer Protocol. added
McIDAS: Man-computer Interactive Data Access System, a data transmission protocol. added
mck-ivpip: Citel's VoIP extender ipvip protocol. added
Me.com: Apple cloud storage service, now closed; users are directed to iCloud. removed
Meeting Maker: A cross-platform personal calendar and group scheduling software application. added
Meta5: Business analytic software. Allows users to create reports that can access multiple corporate data sources. Registered with IANA on port 393 tcp/udp. added
Metagram: Metagram Relay. added
Mini SQL: A lightweight database management system. added
MIT Spooler: MIT Dover Spooler. Registered with IANA on port 91 tcp/udp. added
mit-ml-dev: MIT ML Device, registered with IANA on port 83 tcp/udp. added
MobileIP: An IETF standard for mobile IP networks. added
MortgageWare: A product developed by Interlinq Software Corp that automates all components of the loan originating process. added
MS CRS: Microsoft Content Replication System. Registered with IANA on port 507 tcp/udp. added
MS OLAP: An online analytical processing capability that is a component of Microsoft SQL Server. added
MSMQ: MSMQ is essentially a messaging protocol that allows applications running on separate servers/processes to communicate in a failsafe manner. added
MSP: An application layer protocol used to send a short message between nodes on a network. added
NCED: Registered with IANA on port 404 tcp/udp. added
NCLD: Registered with IANA on port 405 tcp/udp. added
NDS Auth: A software module from Symantec Corporation. added
Netinfo: Registered with IANA on port 1033 tcp/udp. added
NETSC: Registered with IANA on port 154 tcp/udp. added
NetScout: Control traffic for NetScout Systems' network traffic monitoring products. Registered with IANA on port 395 tcp/udp. added
Netware: A network operating system developed by Novell, Inc. added
NeXTStep: NeXTStep Window Server. added
NFA: A network file system that acts as a client for a remote file access protocol, providing access to files on a server. added
NI FTP: Network Independent File Transfer Program. added
NI Mail: A mass email client with socks proxy support. added
NIP: Amiga Envoy Network Inquiry Protocol. Registered with IANA on port 376 tcp/udp. added
NNSP: An Internet application protocol used for transporting Usenet news articles (netnews) between news servers and for reading and posting articles by end user client applications. added
NovaBACKUP: NovaStor develops and markets data protection and availability software. NovaBACKUP offers support for multi-OS environments and is capable of handling thousands of servers and petabytes of information. added
NSS: NSS Routing. added
NSSTP: Nebula Secure Segment Transfer Protocol. Registered with IANA on port 1036 tcp/udp. added
NXEdit: Registered with IANA on port 126 tcp/udp. added
OCBinder: Binding service for Microsoft Office Communications Server. added
OCServer: Server side of Microsoft Office Communications Server. added
ODMR: An SMTP extension standardized in RFC 2645 that allows e-mail to be relayed after the sender has been authenticated. It uses the extended SMTP command ATRN. It is similar to the ETRN command but works with dynamically assigned IP addresses. added
OFTP: Odette File Transfer Protocol is used for EDI electronic data interchange between two communications business partners. added
OFTPS: Odette FTP over SSL/TLS is used primarily for Electronic Data Interchange between two communications business partners. added
Onmux: Registered with IANA on port 417 tcp/udp. added
Opalis Robot: System management and automation solution. Provides real-time monitoring, notification, corrective action and event driven job scheduling. added
OPC-UA: Cross platform framework standards for accessing the real and historical data. added
Openport: Openport. added
OpenVPN: A free and open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections. added
Oracle SQLNET: Networking software that allows remote data-access between programs and the Oracle Database, or among multiple Oracle Databases. added
PCMAIL: PCMail Server. added
PCoIP: A remote desktop system. added
PDAP: Prospero data access protocol. added
PDRE: Peer Direct Replication Engine, allows for distribution of databases and applications. added
PFTP: Port-FTP transfers files, directories and data to other hosts running pftp. added
PKIX Timestamp: The PKIX TS specifies the format of packets, along with some possible transport protocols and some verifications to be done by the server and the client. added
POP2: Post Office Protocol, used by local e-mail clients to retrieve e-mail from a remote server. added
PROFILE: PROFILE Naming System. added
PROSPERO: Prospero Directory Service is a name server based on the virtual system model. added
RIP: Routing Information Protocol is a dynamic routing protocol. added
RIS: Relational Interface System, Intergraph Corporation's middleware for connecting client software and DBMS. added
RLP: Resource Location Protocol is used to help find network services. added
RMT: Remote MT protocol. Registered with IANA on port 411 tcp. added
RPC2PMAP: An ONC RPC service that runs on network nodes that provide other ONC RPC services. added
RRP: Registry Registrar Protocol. added
RSVD: Resource and Service Validation Daemon. added
RTSPS: A secure network control protocol designed for use in entertainment and communications systems to control streaming media servers. The protocol is used for establishing and controlling media sessions between end points. added
SCCP: SCCP (Skinny Call Control Protocol) traffic is generated by setting up and controlling voice over IP calls. added
Sco I2 Dialog Daemon: Registered with IANA on port 360 tcp/udp. added
SecurSight: A public-key architecture that combines authentication, authorization, and secure communications. added
Semantix: Language translation and definition service. added
Sender Rewriting Scheme: Registered with IANA on port 362 tcp/udp. added
SGCP: A communications protocol used within a Voice over Internet Protocol system. It has been superseded by the Media Gateway Control Protocol architecture. added
SGMP: Simple Gateway Monitoring Protocol is a protocol that preceded SNMP. added
Shrinkwrap: A public key infrastructure protocol that uses internet security key management protocols. added
SMPTE: Registered with IANA on port 420 tcp/udp. added
SMSP: Storage Management Services Protocol, registered with IANA on port 413 tcp/udp. added
SNA Gateway: SNA Gateway Access Server enables users to exchange information and share resources between configured OpenVMS systems in DECnet and/or TCP/IP environments in a bidirectional manner. added
SNPP: A protocol for delivering pages to pagers over the Internet. added
SoftPC: Software emulation of x86 hardware. added
SRC: IBM System Resource Controller facilitates the management and control of complex subsystems. The SRC is a subsystem controller. added
SRMP: Spider Remote Monitoring Protocol. added
Stat Service: Statistics Service for collecting STAT data from hosts. added
Su-Mit Telnet: Su-Mit Telnet Gateway. added
SUPDUP: The SUPDUP protocol provides for login to a remote system over a network with terminal-independent output. added
Sybase SQL: Database management suite. added
Systat: System diagnostics information. added
TAC News: Registered with IANA on port 98 tcp/udp. added
TCPMUX: TCP Port Service Multiplexer is a multiplexing service that may be accessed with a network protocol to contact any one of a number of available TCP services of a host on a single, well-known port number. added
Texar: Policy-based authorization system. added
Time: A network protocol in the Internet Protocol Suite defined in 1983 in RFC 868. Its purpose is to provide a site-independent, machine readable date and time. added
Tobit David: David Service Layer, also known as FaxWare, is a program for Windows NT and NetWare that allows FAXes to be sent over the network. added
Tripwire: A free software security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. added
UAAC: UAAC Protocol. added
UARPS: Unisys ARPs. added
UIS: Registered with IANA on port 390 tcp/udp. added
UMA: Universal Management Architecture. added
Unidata LDM: Event-driven data distribution system, includes network client and server programs and their shared protocols. added
Unify: Unify protocol, registered with IANA on port 181 tcp/udp. added
UPS: Uninterruptible Power Supply, registered with IANA on port 401 tcp/udp. added
UTMP: Keeps track of all logins and logouts to a Unix system. added
UUCP: Unix-to-Unix Copy. added
Vchat: An Internet conferencing protocol. added
vettcp: Registered with IANA on port 78 tcp/udp. added
VM PWSCS: Registered with IANA on port 214 tcp/udp. added
VMNET: Registered with IANA on port 175 tcp/udp. added
VSLMP: Registered with IANA on port 312 tcp/udp. added
Webfilter: Registered with IANA on port 1046 tcp/udp. added
Xfer: The Xfer Utility is used for DNS zone transfers. added
Zannet: A combination Windows 95 network client and Unix server that provides Windows 95 network drive access to your server files. added
Zebra: A high-performance, general-purpose structured text indexing and retrieval engine. It reads structured records in a variety of input formats (e.g., email, XML, MARC) and allows access to them through exact boolean search expressions and relevance-ranked free-text queries. added
FireSIGHT Detector Updates (5.x):
Netix MPP: Message Posting Protocol is a network protocol that is used for posting messages. added
ITV: Streaming video provider. added
Scopia: Avaya Scopia video conferencing system. added
For a complete list of new and modified information use this link.
For Assistance:
Visit the Sourcefire Customer Support Site at https://support.sourcefire.com.
Email Sourcefire Customer Support at support@sourcefire.com.
Call Sourcefire Customer Support at 410.423.1901 or 1.800.917.4134.
About the VRT:
The Sourcefire VRT is a group of leading-edge intrusion detection and prevention experts working to proactively discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry.
About Sourcefire
Sourcefire, now part of Cisco, is a world leader in intelligent cybersecurity solutions. Together with Cisco, Sourcefire provides a broad portfolio of integrated solutions that deliver unmatched visibility and continuous advanced threat protection across the entire attack continuum - before, during and after an attack.