* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2015-11-23-003
Previous SRU number: 2015-11-18-001
Applies to:
This SEU number: 1388
Previous SEU: 1384
Applies to:
This is the complete list of rules added in SRU 2015-11-23-003 and SEU 1388.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy: Connectivity, Balanced, and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Policy State (Con.) | Policy State (Bal.) | Policy State (Sec.) |
---|---|---|---|---|---|---|
1 | 36854 | FILE-OTHER | IDEAL Administration IPJ file handling stack overflow attempt | off | off | off |
1 | 36855 | FILE-OTHER | Wireshark DECT packet dissector overflow attempt | off | drop | drop |
1 | 36856 | FILE-IMAGE | Microsoft Windows malformed WMF meta escape record memory corruption attempt | off | off | off |
1 | 36857 | FILE-OFFICE | Microsoft Office Excel WOpt record memory corruption attempt | off | off | off |
1 | 36858 | FILE-FLASH | Adobe Flash Player writeExternal type confusion attempt | off | drop | drop |
1 | 36859 | FILE-FLASH | Adobe Flash Player writeExternal type confusion attempt | off | drop | drop |
1 | 36860 | FILE-FLASH | Adobe Flash Player writeExternal type confusion attempt | off | drop | drop |
1 | 36861 | FILE-FLASH | Adobe Flash Player attachsound use-after-free attempt | off | drop | drop |
1 | 36862 | FILE-FLASH | Adobe Flash Player attachsound use-after-free attempt | off | drop | drop |
1 | 36863 | FILE-FLASH | Adobe Flash Player attachsound use-after-free attempt | off | drop | drop |
1 | 36864 | FILE-FLASH | Adobe Flash Player attachsound use-after-free attempt | off | drop | drop |
1 | 36865 | BROWSER-PLUGINS | IDAutomation IDAuto.BarCode ActiveX clsid access attempt | off | off | drop |
1 | 36866 | BROWSER-PLUGINS | IDAutomation IDAuto.Datamatrix ActiveX clsid access attempt | off | off | drop |
1 | 36867 | BROWSER-PLUGINS | IDAutomation IDAuto.Datamatrix ActiveX clsid access attempt | off | off | drop |
1 | 36868 | BROWSER-PLUGINS | IDAutomation IDAuto.BarCode ActiveX clsid access attempt | off | off | drop |
1 | 36869 | BROWSER-PLUGINS | IDAutomation IDAuto.PDF417 ActiveX clsid access attempt | off | off | drop |
1 | 36870 | BROWSER-PLUGINS | IDAutomation IDAuto.PDF417 ActiveX clsid access attempt | off | off | drop |
1 | 36871 | BROWSER-PLUGINS | IDAutomation IDAuto.Aztec ActiveX clsid access attempt | off | off | drop |
1 | 36872 | BROWSER-PLUGINS | IDAutomation IDAuto.Aztec ActiveX clsid access attempt | off | off | drop |
1 | 36873 | FILE-FLASH | Adobe Flash Player AS2 ActionCallMethod use-after-free attempt | off | drop | drop |
1 | 36874 | FILE-FLASH | Adobe Flash Player AS2 ActionCallMethod use-after-free attempt | off | drop | drop |
1 | 36875 | FILE-FLASH | Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt | off | drop | drop |
1 | 36876 | FILE-FLASH | Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt | off | drop | drop |
1 | 36878 | FILE-FLASH | Adobe Flash Player SWF buffer overflow attempt | off | drop | drop |
1 | 36879 | FILE-FLASH | Adobe Flash Player SWF buffer overflow attempt | off | drop | drop |
1 | 36880 | FILE-FLASH | Adobe Flash Player byte array uncompress information disclosure attempt | drop | drop | drop |
1 | 36881 | FILE-FLASH | Adobe Flash Player byte array uncompress information disclosure attempt | drop | drop | drop |
1 | 36882 | FILE-FLASH | Adobe Flash Player byte array uncompress information disclosure attempt | drop | drop | drop |
1 | 36883 | FILE-FLASH | Adobe Flash Player byte array uncompress information disclosure attempt | drop | drop | drop |
1 | 36884 | FILE-IMAGE | Microsoft Windows Paint jpeg with malformed SOFx field integer overflow attempt | off | off | drop |
1 | 36885 | FILE-PDF | Adobe Acrobat font parsing integer overflow attempt | off | off | drop |
1 | 36886 | FILE-PDF | Adobe Acrobat font parsing integer overflow attempt | off | off | drop |
1 | 36887 | POLICY-OTHER | self-signed SSL certificate eDellRoot use attempt | off | off | off |

GID | SID | Rule Group | Rule Message | Policy State (Con.) | Policy State (Bal.) | Policy State (Sec.) |
---|---|---|---|---|---|---|
1 | 36877 | NETBIOS | DCERPC BrightStor ARCserve corrupt user-supplied memory location attempt | off | off | off |
Updated rules can be found at this link.