payload (any 4.10.x release including and above 4.10.1) and web application (5.x)
IMPORTANT! Some application protocol, client, and web application detectors are supported in Version 5.x only. This Advisory refers to these as FireSIGHT application detectors.
Download the VDB update and obtain update instructions from the Sourcefire Support Site at https://support.sourcefire.com. Note that the time it takes to update the VDB can vary. For more information, see the online help on your appliance or download the Sourcefire 3D System User Guide from the Support Site.
VDB Changelog:
from version 281 (9:10:46 PM on May 23rd, 2017 UTC)
to version 283 (10:29:10 PM on June 12th, 2017 UTC)
Service (4.x) and Application Protocol (5.x) Detectors: Total Added: 2, Total Removed: 0, Total Updated: 0
Client Application (4.x) and Client (5.x) Detectors: Total Added: 3, Total Removed: 0, Total Updated: 0
Payload (4.x) and Web Application (5.x) Detectors: Total Added: 14, Total Removed: 5, Total Updated: 0
FireSIGHT Detector Updates (5.x): Total Added: 8, Total Removed: 2, Total Modified: 0
Operating System Fingerprint Details: Total Added: 1, Total Removed: 0, Total Updated: 6
Operating System and Hardware Fingerprint Details (5.1.x): Total Added: 2, Total Removed: 0, Total Updated: 0
Vulnerability References: Total Added: 0, Total Removed: 0, Total Updated: 0
Fingerprint References: Total Added: 0, Total Removed: 0, Total Updated: 0
File Type Detectors (5.2.x): Total Added: 0, Total Removed: 0, Total Updated: 0
Operating System Fingerprint Details:
Apple Mac OSX Mac OSX 10.12.4 (ID 130063) added
Apple Mac OSX Mac_OSX 10.5, 10.6, 10.10.1, 10.10.2, 10.10.4, 10.10.5, 10.11, 10.11.1, 10.11.3, 10.12, 10.12.1, 10.12.2, 10.12.3, 10.12.4 (ID 925) updated
Ubuntu Linux Linux 13.10, 14.04, 16.04, 16.10 (ID 952) updated
Apple Mac OSX or iOS Mac_OSX 10.5,10.6,10.10,10.10.5,10.11,10.11.1,10.11.3,10.12,10.12.1,10.12.2,10.12.3,10.12.4 or iOS 8.0,8.0.2,8.1,8.1.1,8.1.2,8.1.3,8.2,8.3,8.4,8.4.1,9.0,9.0.1,9.0.2,9.1,9.2,9.2.1,9.3,9.3.1,9.3.2,9.3.3,9.3.4,10.0,10.1,10.2,10.2.1,10.3,10.3.1 (ID 30925) updated
Google or Ubuntu or CentOS Android or Linux or Linux Android 2.2.2, 2.3.3, 2.3.4, 2.3.5, 2.3.5, 3.2.1, 4.0.3, 4.0.4, 4.1, 4.1.1, 4.1.2, 4.2, 4.2.1, 4.2.2, 4.4.3, 4.4.4, 5.0, 5.0.1, 5.0.2, 5.1, 7.0 or Linux 11.04, 12.10, 13.04, 13.10, 14.04, 16.04, 16.10 or Linux 6.3, 6.4 (ID 30941) updated
Ubuntu Linux Linux 9.10, 10.04, 11.04, 11.10, 12.04, 12.10, 13.04, 13.10, 14.04, 16.04, 16.10 (ID 60190) updated
Apple Mac OSX Mac OSX 10.11, 10.12, 10.12.1, 10.12.2, 10.12.3, 10.12.4 (ID 60204) updated
Operating System and Hardware Fingerprint Details (5.1.x):
Apple iOS iOS 10.3 (ID 70213) added
Apple iOS iOS 10.3.1 (ID 70214) added
Service (4.x) and Application Protocol (5.x) Detectors:
DHCPv6: Dynamic Host Configuration Protocol for IPv6. added
NetBIOS-ssn (SMB): Netbios session service, also known as SMB. added
Client Application (4.x) and Client (5.x) Detectors:
DDS: Data Distribution Service, communications middleware for data processing applications. added
ZenVPN: VPN/anonymizer app. added
CactusVPN: A VPN client. added
Payload (4.x) and Web Application (5.x) Detectors:
AnyDesk: Remote Desktop Access Software. added
Cisco Spark: Cisco Spark is a collaboration tool with various clients (Windows, OS X, Android, Windows Mobile, iPad, iPhone, Web) for messages, calls, meetings, etc. added
DeNA Comm: Mobile app for Voice and text chat. removed
DHCPv6: Dynamic Host Configuration Protocol for IPv6. added
DHCPv6 Client: DHCPv6 is a network protocol that is used for configuring IPv6 hosts with IP addresses. removed
Elephant Drive: Cloud storage service used primarily as an online backup tool. added
Facebook Photos: Photos traffic from Facebook. added
Flightradar24: Real-time aircraft flight tracking web service. added
Google Remote Desktop: Online desktop sharing service. added
Hotstar: Video streaming app for Star India. added
MUZU TV: Music video site. removed
NetSarang: Network connectivity and management tools package. added
Open Drive: Cloud storage and online backup system. added
Opera Mini: Opera mobile browser. removed
RealVNC: A VNC package that supports client and server side, and also provides cloud-based services such as chat and file transfer. added
Showbox: Mobile application providing streaming video content. added
we7: Music streaming service. removed
Windows Media: Windows Multimedia traffic. added
ZenVPN: VPN/anonymizer app. added
FireSIGHT Detector Updates (5.x):
TurboVPN: A VPN client on mobile devices. added
BlueJeans: An interoperable cloud-based video conferencing service. added
Musical.ly: Video social networking application. added
LastPass: Password management application. added
Flightradar24: Real-time aircraft flight tracking web service. added
Slack: Chat and messaging app. added
WebRTC: Real time communication library that uses several common protocols. added
Tibco Rendezvous: Message distribution system. added
MUZU TV: Music video site. removed
DeNA Comm: Mobile app for Voice and text chat. removed
For a complete list of new and modified information use this link.
For Assistance:
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information about Cisco ASA devices, see What's New in Cisco Product Documentation.
Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service. If you have any questions or require assistance with Cisco ASA devices, please contact Cisco Support:
Note: To open a TAC request, you must first register for a Cisco.com user ID.
Once you have a Cisco.com user ID, you may initiate or check on the status of a service request online or by contacting the TAC by phone:
For additional information on obtaining technical support through the TAC, please consult the Technical Support Reference Guide (PDF - 1 MB).
About Talos:
The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. The team's expertise spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.