* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2015-05-12-002
Previous SRU number: 2015-05-06-001
Applies to:
This SEU number: 1295
Previous SEU: 1292
Applies to:
This is the complete list of rules added in SRU 2015-05-12-002 and SEU 1295.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Policy State (Con.) | Policy State (Bal.) | Policy State (Sec.) |
---|---|---|---|---|---|---|
1 | 34349 | SERVER-OTHER | IBM Tivoli Storage Manager FastBack buffer overflow attempt | off | off | drop |
1 | 34350 | SERVER-OTHER | IBM Tivoli Storage Manager FastBack buffer overflow attempt | off | off | drop |
1 | 34351 | SERVER-OTHER | IBM Tivoli Storage Manager FastBack buffer overflow attempt | off | off | drop |
1 | 34352 | SERVER-OTHER | IBM Tivoli Storage Manager FastBack buffer overflow attempt | off | off | drop |
1 | 34353 | SERVER-OTHER | IBM Tivoli Storage Manager FastBack buffer overflow attempt | off | off | drop |
1 | 34354 | FILE-FLASH | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt | off | drop | drop |
1 | 34355 | FILE-FLASH | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt | off | drop | drop |
1 | 34356 | FILE-FLASH | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt | off | drop | drop |
1 | 34357 | FILE-FLASH | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt | off | drop | drop |
1 | 34358 | SERVER-WEBAPP | Dell SonicWALL SonicOS macIpSpoofView cross site scripting attempt | off | off | off |
1 | 34359 | SERVER-WEBAPP | ESF pfSense deletefile directory traversal attempt | off | off | off |
1 | 34360 | SERVER-WEBAPP | ESF pfSense deletefile directory traversal attempt | off | off | off |
1 | 34361 | SERVER-WEBAPP | ESF pfSense deletefile directory traversal attempt | off | off | off |
1 | 34362 | MALWARE-CNC | Win.Trojan.Mantal variant outbound connection attempt | off | drop | drop |
1 | 34363 | SERVER-WEBAPP | Novell ZENworks Configuration Management GetStoredResult.class SQL injection attempt | off | off | drop |
1 | 34364 | SERVER-WEBAPP | Novell ZENworks Configuration Management rtrlet.class directory traversal attempt | off | off | drop |
1 | 34365 | SERVER-WEBAPP | Magento remote code execution attempt | off | drop | drop |
1 | 34366 | MALWARE-CNC | Win.Trojan.Mantal variant outbound connection attempt | off | drop | drop |
1 | 34367 | MALWARE-CNC | Win.Trojan.Banload variant outbound connection | off | drop | drop |
1 | 34368 | MALWARE-CNC | Win.Trojan.Banload variant outbound connection | off | drop | drop |
3 | 34369 | SERVER-WEBAPP | Cisco UCS Central command injection attempt | off | drop | drop |
1 | 34370 | BLACKLIST | DNS request for known malware domain mymoney.000a.de - Win.Trojan.Fareit | off | drop | drop |
1 | 34371 | FILE-OTHER | Microsoft Journal memory corruption attempt | off | drop | drop |
1 | 34372 | FILE-OTHER | Microsoft Journal memory corruption attempt | off | drop | drop |
1 | 34373 | SERVER-OTHER | PHP zip_cdir_new function integer overflow file download attempt | off | off | off |
1 | 34374 | SERVER-OTHER | PHP zip_cdir_new function integer overflow file download attempt | off | off | off |
1 | 34375 | SERVER-OTHER | PHP zip_cdir_new function integer overflow file download attempt | off | off | off |
1 | 34376 | SERVER-OTHER | PHP zip_cdir_new function integer overflow file download attempt | off | off | off |
1 | 34379 | BROWSER-IE | Microsoft Internet Explorer protected mode sandbox privilege escalation attempt | off | drop | drop |
1 | 34380 | BROWSER-IE | Microsoft Internet Explorer protected mode sandbox privilege escalation attempt | off | drop | drop |
1 | 34381 | BROWSER-IE | Microsoft Internet Explorer range use after free attempt | off | drop | drop |
1 | 34382 | BROWSER-IE | Microsoft Internet Explorer range use after free attempt | off | drop | drop |
1 | 34383 | BROWSER-IE | Microsoft Internet Explorer memory corruption attempt | off | drop | drop |
1 | 34384 | BROWSER-IE | Microsoft Internet Explorer memory corruption attempt | off | drop | drop |
1 | 34385 | FILE-OTHER | Microsoft Journal memory corruption attempt | off | drop | drop |
1 | 34386 | FILE-OTHER | Microsoft Journal memory corruption attempt | off | drop | drop |
1 | 34387 | FILE-OTHER | Microsoft Journal out of bounds write attempt | off | drop | drop |
1 | 34388 | FILE-OTHER | Microsoft Journal out of bounds write attempt | off | drop | drop |
1 | 34389 | FILE-OTHER | Microsoft Journal out of bounds read attempt | off | drop | drop |
1 | 34390 | FILE-OTHER | Microsoft Journal out of bounds read attempt | off | drop | drop |
1 | 34391 | BROWSER-IE | Microsoft Internet Explorer TextData out of bounds read attempt | off | drop | drop |
1 | 34392 | BROWSER-IE | Microsoft Internet Explorer TextData out of bounds read attempt | off | drop | drop |
1 | 34399 | FILE-OTHER | Microsoft Journal file exploitation attempt | off | drop | drop |
1 | 34400 | FILE-OTHER | Microsoft Journal file exploitation attempt | off | drop | drop |
1 | 34401 | OS-WINDOWS | Microsoft Windows Calendar object heap corruption attempt | off | drop | drop |
1 | 34402 | OS-WINDOWS | Microsoft Windows Calendar object heap corruption attempt | off | drop | drop |
1 | 34403 | FILE-OTHER | Microsoft Journal out of bounds read attempt | off | drop | drop |
1 | 34404 | FILE-OTHER | Microsoft Journal out of bounds read attempt | off | drop | drop |
1 | 34405 | BROWSER-IE | Microsoft Internet Explorer improper copy buffer access information disclosure attempt | off | off | off |
1 | 34406 | BROWSER-IE | Microsoft Internet Explorer improper copy buffer access information disclosure attempt | off | off | off |
1 | 34407 | BROWSER-IE | Microsoft Internet Explorer protected mode sandbox bypass attempt | off | drop | drop |
1 | 34408 | BROWSER-IE | Microsoft Internet Explorer protected mode sandbox bypass attempt | off | drop | drop |
1 | 34409 | BROWSER-IE | Microsoft Internet Explorer DOMNodeInserted use-after-free attempt | off | drop | drop |
1 | 34410 | BROWSER-IE | Microsoft Internet Explorer DOMNodeInserted use-after-free attempt | off | drop | drop |
1 | 34411 | BROWSER-IE | Microsoft Internet Explorer CSecurityContext type confusion use after free attempt | off | drop | drop |
1 | 34412 | BROWSER-IE | Microsoft Internet Explorer CSecurityContext type confusion use after free attempt | off | drop | drop |
1 | 34413 | OS-WINDOWS | Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt | off | drop | drop |
1 | 34414 | OS-WINDOWS | Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt | off | drop | drop |
1 | 34415 | BROWSER-IE | Microsoft Internet Explorer dd element use after free attempt | off | drop | drop |
1 | 34416 | BROWSER-IE | Microsoft Internet Explorer IE8 compatibility mode enable attempt | off | off | off |
1 | 34417 | BROWSER-IE | Microsoft Internet Explorer dd element use after free attempt | off | drop | drop |
1 | 34418 | BROWSER-IE | Microsoft Internet Explorer Element object use-after-free attempt | off | drop | drop |
1 | 34419 | BROWSER-IE | Microsoft Internet Explorer Element object use-after-free attempt | off | drop | drop |
1 | 34420 | BROWSER-IE | Microsoft Internet Explorer CDispScroller object use-after-free attempt | off | drop | drop |
1 | 34421 | BROWSER-IE | Microsoft Internet Explorer CDispScroller object use-after-free attempt | off | drop | drop |
1 | 34422 | BROWSER-IE | Microsoft Internet Explorer CTitleElement object use-after-free attempt | off | drop | drop |
1 | 34423 | BROWSER-IE | Microsoft Internet Explorer CTitleElement object use-after-free attempt | off | drop | drop |
1 | 34424 | BROWSER-IE | Microsoft Internet Explorer compatibility mode use after free attempt | off | drop | drop |
1 | 34425 | BROWSER-IE | Microsoft Internet Explorer compatibility mode use after free attempt | off | drop | drop |
1 | 34430 | BROWSER-IE | Microsoft Internet Explorer CTreePos object use after free attempt | off | off | drop |
1 | 34431 | BROWSER-IE | Microsoft Internet Explorer CTreePos object use after free attempt | off | off | drop |
1 | 34432 | BROWSER-IE | Microsoft Internet Explorer TableGridBlock use after free attempt | off | drop | drop |
1 | 34433 | BROWSER-IE | Microsoft Internet Explorer TableGridBlock use after free attempt | off | drop | drop |
1 | 34436 | BROWSER-IE | Microsoft Internet Explorer CTitleElement use after free attempt | off | drop | drop |
1 | 34437 | BROWSER-IE | Microsoft Internet Explorer CTitleElement use after free attempt | off | drop | drop |
1 | 34438 | OS-WINDOWS | Microsoft Windows Explorer .msc file stack overflow attempt | off | off | drop |
1 | 34439 | OS-WINDOWS | Microsoft Windows Explorer .msc file stack overflow attempt | off | off | drop |
1 | 34440 | OS-WINDOWS | Microsoft Windows Win32k TrueType Font parsing out of bounds attempt | off | drop | drop |
1 | 34441 | OS-WINDOWS | Microsoft Windows Win32k TrueType Font parsing out of bounds attempt | off | drop | drop |
1 | 34444 | BROWSER-IE | Microsoft Internet Explorer TableGridBlock object use after free attempt | off | off | drop |
1 | 34445 | BROWSER-IE | Microsoft Internet Explorer TableGridBlock object use after free attempt | off | off | drop |
GID | SID | Rule Group | Rule Message | Policy State (Con.) | Policy State (Bal.) | Policy State (Sec.) |
---|---|---|---|---|---|---|
1 | 34377 | OS-WINDOWS | Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt | off | drop | drop |
1 | 34378 | OS-WINDOWS | Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt | off | drop | drop |
1 | 34393 | BROWSER-IE | Microsoft Internet Explorer vbscript regular expression information disclosure attempt | off | off | drop |
1 | 34394 | BROWSER-IE | Microsoft Internet Explorer vbscript regular expression information disclosure attempt | off | off | drop |
1 | 34426 | OS-WINDOWS | Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt | off | drop | drop |
1 | 34427 | OS-WINDOWS | Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt | off | drop | drop |
1 | 34428 | FILE-OFFICE | Microsoft Word incorrect ptCount element denial of service attempt | off | drop | drop |
1 | 34429 | FILE-OFFICE | Microsoft Word incorrect ptCount element denial of service attempt | off | drop | drop |
1 | 34434 | OS-WINDOWS | Microsoft Windows .NET XML recursive call denial of service attempt | off | drop | drop |
1 | 34435 | OS-WINDOWS | Microsoft Windows .NET XML recursive call denial of service attempt | off | drop | drop |
1 | 34442 | OS-WINDOWS | Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt | off | drop | drop |
1 | 34443 | OS-WINDOWS | Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt | off | drop | drop |
GID | SID | Rule Group | Rule Message | Policy State (Con.) | Policy State (Bal.) | Policy State (Sec.) |
---|---|---|---|---|---|---|
1 | 34395 | FILE-IDENTIFY | Microsoft Journal file attachment detected | off | off | off |
1 | 34396 | FILE-IDENTIFY | Microsoft Journal file attachment detected | off | off | off |
1 | 34397 | FILE-IDENTIFY | Microsoft Journal file download request | off | off | off |
1 | 34398 | FILE-IDENTIFY | Microsoft Journal file download attempt | off | off | off |
Updated rules can be found at this link.