* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2015-05-26-001
Previous SRU number: 2015-05-20-001
Applies to:
This SEU number: 1300
Previous SEU: 1299
Applies to:
This is the complete list of rules modified in SRU 2015-05-26-001 and SEU 1300.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy: Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.

GID | SID | Rule Group | Rule Message | Policy State: Con. | Policy State: Bal. | Policy State: Sec. |
---|---|---|---|---|---|---|
1 | 15729 | FILE-FLASH | Possible Adobe Flash Player ActionScript byte_array heap spray attempt | off | off | off |
1 | 17618 | OS-WINDOWS | Microsoft Windows Graphics engine EMF rendering vulnerability | off | off | off |
1 | 18388 | BLACKLIST | User-Agent known malicious user-agent string RookIE/1.0 | off | drop | drop |
1 | 18968 | FILE-FLASH | Adobe Flash Player ActionScript3 stack integer overflow attempt | off | drop | drop |
1 | 19262 | FILE-FLASH | Adobe Flash Player ActionScript float index array memory corruption | drop | drop | drop |
1 | 19263 | FILE-FLASH | Adobe Flash Player ActionScript float index array memory corruption | drop | drop | drop |
1 | 19264 | FILE-FLASH | Adobe Flash Player ActionScript float index array memory corruption | drop | drop | drop |
1 | 19688 | FILE-FLASH | Adobe Flash Player ActionScript BitmapData buffer overflow attempt | drop | drop | drop |
1 | 19690 | FILE-FLASH | Adobe Flash Player ActionScript duplicateDoorInputArguments stack overwrite | drop | drop | drop |
1 | 19691 | FILE-FLASH | Adobe Flash Player ActionScript File reference buffer overflow attempt | drop | drop | drop |
1 | 20031 | FILE-FLASH | Adobe Flash Player ActionScript float index array memory corruption | drop | drop | drop |
1 | 20767 | FILE-FLASH | Adobe Flash Player ActionScript float index array memory corruption | drop | drop | drop |
1 | 20777 | FILE-FLASH | Adobe Flash Player ActionScript float index array memory corruption attempt | drop | drop | drop |
1 | 21457 | FILE-FLASH | Adobe Flash Player ActionScript float index array memory corruption | drop | drop | drop |
1 | 21458 | FILE-FLASH | Adobe Flash Player ActionScript float index array memory corruption | off | drop | drop |
1 | 21533 | FILE-FLASH | Adobe Flash Player ActionScript Stage3D null dereference attempt | drop | drop | drop |
1 | 21534 | FILE-FLASH | Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt | drop | drop | drop |
1 | 21535 | FILE-FLASH | Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt | drop | drop | drop |
1 | 21536 | FILE-FLASH | Adobe Flash Player ActionScript Stage3D null dereference attempt | drop | drop | drop |
1 | 23996 | FILE-FLASH | Adobe Flash Player ActionScript float index array memory corruption attempt | drop | drop | drop |
1 | 23997 | FILE-FLASH | Adobe Flash Player ActionScript float index array memory corruption attempt | off | drop | drop |
1 | 26172 | FILE-FLASH | Adobe Flash Player sortOn heap overflow attempt | drop | drop | drop |
1 | 26173 | FILE-FLASH | Adobe Flash Player sortOn heap overflow attempt | off | drop | drop |
1 | 27267 | FILE-FLASH | Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt | drop | drop | drop |
1 | 27268 | FILE-FLASH | Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt | off | drop | drop |
1 | 28703 | FILE-FLASH | Adobe Flash Player ActionScript float index array memory corruption attempt | off | drop | drop |
1 | 28704 | FILE-FLASH | Adobe Flash Player ActionScript float index array memory corruption attempt | off | drop | drop |
1 | 29524 | FILE-FLASH | Adobe Flash Player loadPCMFromByteArray bad sample count attempt | off | off | off |
1 | 29525 | FILE-FLASH | Adobe Flash Player loadPCMFromByteArray bad sample count attempt | off | off | off |
1 | 29902 | FILE-PDF | Adobe Acrobat Reader invalid JPEG stream double free attempt | off | drop | drop |
1 | 29903 | FILE-PDF | Adobe Acrobat Reader invalid JPEG stream double free attempt | off | drop | drop |
1 | 31284 | FILE-FLASH | Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt | drop | drop | drop |
1 | 33773 | OS-WINDOWS | Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt | off | drop | drop |
1 | 33774 | OS-WINDOWS | Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt | off | drop | drop |
1 | 33777 | SERVER-OTHER | SSL export grade ciphersuite server negotiation attempt | off | off | drop |
1 | 33778 | SERVER-OTHER | SSL export grade ciphersuite server negotiation attempt | off | off | drop |
1 | 33779 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 33780 | SERVER-OTHER | SSL export grade ciphersuite server negotiation attempt | off | off | drop |
1 | 33781 | SERVER-OTHER | SSL export grade ciphersuite server negotiation attempt | off | off | drop |
1 | 33782 | SERVER-OTHER | SSL export grade ciphersuite server negotiation attempt | off | off | drop |
1 | 33783 | SERVER-OTHER | SSL export grade ciphersuite server negotiation attempt | off | off | drop |
1 | 33784 | SERVER-OTHER | SSL export grade ciphersuite server negotiation attempt | off | off | drop |
1 | 33785 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 33786 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 33787 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 33788 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 33789 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 33790 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 33791 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 33792 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 33793 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 33794 | SERVER-OTHER | SSL export grade ciphersuite server negotiation attempt | off | off | drop |
1 | 33795 | SERVER-OTHER | SSL export grade ciphersuite server negotiation attempt | off | off | drop |
1 | 33796 | SERVER-OTHER | SSL export grade ciphersuite server negotiation attempt | off | off | drop |
1 | 33797 | SERVER-OTHER | SSL export grade ciphersuite server negotiation attempt | off | off | drop |
1 | 33798 | SERVER-OTHER | SSL export grade ciphersuite server negotiation attempt | off | off | drop |
1 | 33799 | SERVER-OTHER | SSL export grade ciphersuite server negotiation attempt | off | off | drop |
1 | 33800 | SERVER-OTHER | SSL export grade ciphersuite server negotiation attempt | off | off | drop |
1 | 33801 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 33802 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 33803 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 33804 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 33805 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 33806 | SERVER-OTHER | SSL request for export grade ciphersuite attempt | off | off | drop |
1 | 34074 | BROWSER-IE | Microsoft Internet Explorer TextData object use after free attempt | off | drop | drop |
1 | 34075 | BROWSER-IE | Microsoft Internet Explorer TextData object use after free attempt | off | drop | drop |
1 | 34147 | FILE-FLASH | Adobe Flash Player ConvolutionFilter heap information disclosure attempt | off | drop | drop |
1 | 34148 | FILE-FLASH | Adobe Flash Player ConvolutionFilter heap information disclosure attempt | off | drop | drop |
1 | 34149 | FILE-FLASH | Adobe Flash Player ConvolutionFilter heap information disclosure attempt | off | drop | drop |
1 | 34150 | FILE-FLASH | Adobe Flash Player ConvolutionFilter heap information disclosure attempt | off | drop | drop |
1 | 34528 | FILE-PDF | Adobe Acrobat Reader AVDoc use-after-free attempt | off | drop | drop |
1 | 34529 | FILE-PDF | Adobe Acrobat Reader AVDoc use-after-free attempt | off | drop | drop |
1 | 34546 | FILE-PDF | Adobe Acrobat Reader PCR null pointer dereference attempt | off | drop | drop |
1 | 34547 | FILE-PDF | Adobe Acrobat Reader PCR null pointer dereference attempt | off | drop | drop |
1 | 34550 | FILE-PDF | Adobe Acrobat Reader JavaScript API trustPropagatorFunction execution bypass attempt | off | drop | drop |
1 | 34551 | FILE-PDF | Adobe Acrobat Reader JavaScript API trustPropagatorFunction execution bypass attempt | off | drop | drop |
1 | 34557 | FILE-PDF | Adobe Acrobat Reader embedded JavaScript remote code execution attempt | off | drop | drop |
1 | 34558 | FILE-PDF | Adobe Acrobat Reader embedded JavaScript remote code execution attempt | off | drop | drop |

GID | SID | Rule Group | Rule Message | Policy State: Con. | Policy State: Bal. | Policy State: Sec. |
---|---|---|---|---|---|---|
1 | 7513 | MALWARE-OTHER | Keylogger watchdog runtime detection - init connection | off | off | off |
1 | 7514 | MALWARE-OTHER | Keylogger watchdog runtime detection - send out info to server periodically | off | off | off |
1 | 7515 | MALWARE-OTHER | Keylogger watchdog runtime detection - remote monitoring | off | off | off |
1 | 19689 | FILE-FLASH | Adobe Flash Player ActionScript dynamic calculation double-free attempt | drop | drop | drop |
1 | 21653 | FILE-FLASH | Adobe Flash Player ActionScript getURL target null reference attempt | alert | alert | drop |
1 | 29835 | FILE-FLASH | Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt | drop | drop | drop |
1 | 29836 | FILE-FLASH | Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt | off | drop | drop |

GID | SID | Rule Group | Rule Message | Policy State: Con. | Policy State: Bal. | Policy State: Sec. |
---|---|---|---|---|---|---|
1 | 20269 | FILE-IDENTIFY | FON font file download request | off | off | off |