This SRU number: 2014-08-27-002
Previous SRU number: 2014-08-25-002
Applies to:
This SEU number: 1162
Previous SEU: 1160
Applies to:
This is the complete list of rules added in SRU 2014-08-27-002 and SEU 1162.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 31719 | FILE-IMAGE | Microsoft Multiple Products JPEG parser heap overflow attempt | off | off | off |
| 1 | 31720 | BLACKLIST | DNS request for known malware domain albus-capital.com - Win.Trojan.Waski | off | drop | drop |
| 1 | 31721 | BLACKLIST | DNS request for known malware domain albuscapital.info - Win.Trojan.Waski | off | drop | drop |
| 1 | 31722 | MALWARE-CNC | Win.Trojan.Waski variant outbound connection | off | drop | drop |
| 1 | 31723 | FILE-FLASH | Adobe Flash Player memory leak ASLR bypass attempt | off | drop | drop |
| 1 | 31724 | FILE-FLASH | Adobe Flash Player memory leak ASLR bypass attempt | drop | drop | drop |
| 1 | 31725 | FILE-FLASH | Adobe Flash Player memory leak ASLR bypass attempt | off | drop | drop |
| 1 | 31726 | FILE-FLASH | Adobe Flash Player memory leak ASLR bypass attempt | drop | drop | drop |
| 1 | 31728 | SERVER-WEBAPP | ManageEngine Desktop Central LinkViewFetchServlet SQL injection attempt | off | off | drop |
| 1 | 31729 | SERVER-WEBAPP | ManageEngine Password Manager MetadataServlet SQL injection attempt | off | off | drop |
| 1 | 31730 | SERVER-WEBAPP | Symantec Web Gateway dbutils.php SQL injection attempt | off | off | off |
| 1 | 31731 | SERVER-WEBAPP | Symantec Web Gateway dbutils.php SQL injection attempt | off | off | off |
| 1 | 31732 | FILE-FLASH | Adobe Flash Player MMgc use-after-free attempt | drop | drop | drop |
| 1 | 31733 | FILE-FLASH | Adobe Flash Player MMgc use-after-free attempt | drop | drop | drop |
| 1 | 31734 | EXPLOIT-KIT | Nuclear exploit kit landing page detection | off | alert | drop |
| 1 | 31735 | BLACKLIST | User-Agent known malicious user-agent string 250803 | off | off | off |
| 1 | 31736 | BLACKLIST | User-Agent known malicious user-agent string 250803 | off | off | off |
| 1 | 31737 | BLACKLIST | DNS request for known malware domain razihearing.com | off | drop | drop |
| 3 | 31738 | PROTOCOL-DNS | domain not found containing random-looking hostname - possible DGA detected | off | off | off |
| 1 | 31739 | FILE-FLASH | Adobe Flash Player corrupt image memory leak | off | off | drop |
| 1 | 31740 | FILE-FLASH | Adobe Flash Player corrupt image memory leak | off | off | drop |
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 31727 | SERVER-OTHER | Cistron-LG configuration file access attempt | off | off | off |
Updated rules can be found at this link.