Sourcefire Support - Security Vulnerability and Fingerprint Database Updates 270

Sourcefire VRT VDB Update 2016-06-07

Cisco Vulnerability Database (VDB) Update for Sourcefire 3D System

Date: 2016-06-07

This VDB: 270
Previous VDB: 268

Sourcefire 3D System Version 4.10.x:

Cisco FireSIGHT Management Centers (formerly Defense Center) and 3D Sensors
3D Sensor Software for Crossbeam X-Series

Sourcefire 3D System Version 5.x:

Cisco FireSIGHT Management Centers (formerly Defense Center)

Supported Detector Types:

service (4.10.x) and application protocol (5.x)
client application (4.10.x) and client (5.x)
payload (any 4.10.x release including and above 4.10.1) and web application (5.x)

IMPORTANT! Some application protocol, client, and web application detectors are supported in Version 5.x only. This Advisory refers to these as FireSIGHT application detectors.

Download the VDB update and obtain update instructions from the Sourcefire Support Site at https://support.sourcefire.com. Note that the time it takes to update the VDB can vary. For more information, see the online help on your appliance or download the Sourcefire 3D System User Guide from the Support Site.

VDB Changelog:
from version 268 (8:14:20 PM on May 12th, 2016 UTC)
to version 270 (3:07:11 PM on June 1st, 2016 UTC)

Service (4.x) and Application Protocol (5.x) Detectors
Total Added:	0
Total Removed:	0
Total Updated:	0
Client Application (4.x) and Client (5.x) Detectors
Total Added:	0
Total Removed:	0
Total Updated:	0
Payload (4.x) and Web Application (5.x) Detectors
Total Added:	8
Total Removed:	1
Total Updated:	0
FireSIGHT Detector Updates (5.x)
Total Added:	15
Total Removed:	1
Total Modified:	0
Operating System Fingerprint Details
Total Added:	0
Total Removed:	0
Total Updated:	0
Operating System and Hardware Fingerprint Details (5.1.x)
Total Added:	0
Total Removed:	0
Total Updated:	0
Vulnerability References
Total Added:	0
Total Removed:	0
Total Updated:	0
Fingerprint References
Total Added:	0
Total Removed:	0
Total Updated:	0
File Type Detectors (5.2.x)
Total Added:	0
Total Removed:	0
Total Updated:	0

Operating System Fingerprint Details:

no additions or modifications. Operating System and Hardware Fingerprint Details (5.1.x):
no additions or modifications.

Service (4.x) and Application Protocol (5.x) Detectors:

no additions or modifications.

Client Application (4.x) and Client (5.x) Detectors:

no additions or modifications.

Payload (4.x) and Web Application (5.x) Detectors:

Cisco Spark: Cisco Spark is a collaboration tool with various clients (Windows, OS X, Android, Windows Mobile, iPad, iPhone, Web) for messages, calls, meetings, etc. added
Citrix WANScaler: Citrix WAN optimization traffic. added
Google Drive: A free office suite and cloud storage system hosted by Google. added
LiveJournal Post: Making a post on social networking site livejournal. added
Mail.ru Attachment: Attaching a file to an email on mail.ru. added
Microsoft Web Platform Installer: Microsoft Web Platform Installer is a tool to download and setup web development tools based on Microsoft development stack (IIS, SQL Server, .NET Framework, Visual Web Developer, etc). added
REAL SQL Server: A relational database management system. removed
SQL Server: Database server. added
Synology DSM: Synology is a Network Attached Storage (NAS) appliances running Synology's DSM Software. added

FireSIGHT Detector Updates (5.x):

Addictive Mobility: Mobile ad and media service. added
MobileCore: Mobile ad and media service. added
Supercell: Web-based game publisher. added
Browsec: A VPN app. added
Betternet: A VPN tunneling app. added
Clash of Clans: A web-based game. added
LeTV: Chinese online video portal. added
SuperVPN: VPN software. added
Meerkat: Mobile app for live video streaming. added
Boom Beach: A web-based game. added
MoPub: Mobile ad traffic. added
Frozenway: VPN for bypassing firewalls. added
Avocarrot: Mobile ad traffic. added
DotVPN: A VPN Tunneling app. added
Yemonisoni: Mobile ad traffic. added
Letv: Chinese video streaming site. removed

File Type Detector Details (5.2.x):

no additions or modifications.

VDB Update Installation Instructions:

Detailed installation instructions can be found here.

VDB Update Summary:

For a complete list of new and modified information use this link.

For Assistance:

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information about Cisco ASA devices, see What's New in Cisco Product Documentation.

Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service. If you have any questions or require assistance with Cisco ASA devices, please contact Cisco Support:

Note: To open a TAC request, you must first register for a Cisco.com user ID
Once you have a Cisco.com user ID, you may initiate or check on the status of a service request online or contacting the TAC by phone:

U.S. - 1-800-553-2447 Toll Free
International support numbers

For additional information on obtaining technical support through the TAC, please consult the Technical Support Reference Guide (PDF - 1 MB)

About Talos:

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. The team's expertise spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.