Cisco Talos (VRT) Update for Sourcefire 3D System

* Talos combines our security experts from TRAC, SecApps, and VRT teams.

Date: 2015-12-22

This SRU number: 2015-12-22-001
Previous SRU number: 2015-12-21-003

Applies to:

This SEU number: 1401
Previous SEU: 1400

Applies to:

This is the complete list of rules added in SRU 2015-12-22-001 and SEU 1401.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State gives the rule's state in each default Sourcefire policy: Connectivity, Balanced and Security.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

High Priority
GID - SID - Rule Group - Rule Message - Policy State (Con. / Bal. / Sec.)
1 - 37147 - SERVER-OTHER - Seagate GoFlex Satellite hidden credentials authentication attempt - off / off / drop
1 - 37148 - SERVER-WEBAPP - WordPress Gallery Objects Plugin viewid SQL injection attempt - off / off / off
1 - 37149 - FILE-FLASH - Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt - off / drop / drop
1 - 37150 - FILE-FLASH - Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt - off / drop / drop
1 - 37151 - FILE-MULTIMEDIA - Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt - off / off / off
1 - 37152 - FILE-MULTIMEDIA - Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt - off / off / off
1 - 37153 - FILE-MULTIMEDIA - Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt - off / off / off
1 - 37156 - FILE-FLASH - Adobe Flash Player SharedObject send stack buffer overflow attempt - off / drop / drop
1 - 37157 - FILE-FLASH - Adobe Flash Player SharedObject send stack buffer overflow attempt - off / drop / drop
1 - 37158 - FILE-FLASH - Adobe Flash Player SharedObject send stack buffer overflow attempt - off / drop / drop
1 - 37159 - FILE-FLASH - Adobe Flash Player SharedObject send stack buffer overflow attempt - off / drop / drop
1 - 37160 - FILE-FLASH - Adobe Flash Player oversize source bitmap memory corruption attempt - off / drop / drop
1 - 37161 - FILE-FLASH - Adobe Flash Player oversize source bitmap memory corruption attempt - off / drop / drop
1 - 37162 - FILE-FLASH - Adobe Flash Player oversize source bitmap memory corruption attempt - off / drop / drop
1 - 37163 - FILE-FLASH - Adobe Flash Player oversize source bitmap memory corruption attempt - off / drop / drop
1 - 37164 - MALWARE-CNC - Win.Trojan.Hpastal outbound email attempt - off / drop / drop
1 - 37165 - FILE-FLASH - Adobe Flash Player URLStream use after free attempt - off / drop / drop
1 - 37166 - FILE-FLASH - Adobe Flash Player URLStream use after free attempt - off / drop / drop
1 - 37167 - FILE-FLASH - Adobe Flash Player URLStream use after free attempt - off / drop / drop
1 - 37168 - FILE-FLASH - Adobe Flash Player URLStream use after free attempt - off / drop / drop
1 - 37177 - FILE-FLASH - Adobe Flash Player M3U8 parser logic memory corruption attempt - off / drop / drop
1 - 37178 - FILE-FLASH - Adobe Flash Player M3U8 parser logic memory corruption attempt - off / drop / drop
1 - 37179 - FILE-FLASH - Adobe Flash Player M3U8 parser logic memory corruption attempt - off / drop / drop
1 - 37180 - FILE-FLASH - Adobe Flash Player M3U8 parser logic memory corruption attempt - off / drop / drop
1 - 37181 - FILE-FLASH - Adobe Flash Player String null check memory corruption attempt - off / drop / drop
1 - 37182 - FILE-FLASH - Adobe Flash Player String null check memory corruption attempt - off / drop / drop
1 - 37183 - FILE-FLASH - Adobe Flash Player TextFormat.tabStops use after free attempt - off / drop / drop
1 - 37184 - FILE-FLASH - Adobe Flash Player TextFormat.tabStops use after free attempt - off / drop / drop
1 - 37185 - FILE-FLASH - Adobe Flash Player TextFormat.tabStops use after free attempt - off / drop / drop
1 - 37186 - FILE-FLASH - Adobe Flash Player TextFormat.tabStops use after free attempt - off / drop / drop
1 - 37187 - FILE-FLASH - Adobe Flash Player TextFormat.tabStops use after free attempt - off / drop / drop
1 - 37188 - FILE-FLASH - Adobe Flash Player TextFormat.tabStops use after free attempt - off / drop / drop
1 - 37189 - FILE-FLASH - Adobe Flash Player TextFormat.tabStops use after free attempt - off / drop / drop
1 - 37190 - FILE-FLASH - Adobe Flash Player TextFormat.tabStops use after free attempt - off / drop / drop
1 - 37191 - FILE-FLASH - Adobe Flash Player TextFormat.tabStops use after free attempt - off / drop / drop
1 - 37192 - FILE-FLASH - Adobe Flash Player TextFormat.tabStops use after free attempt - off / drop / drop
1 - 37193 - FILE-FLASH - Adobe Flash Player TextFormat.tabStops use after free attempt - off / drop / drop
1 - 37194 - FILE-FLASH - Adobe Flash Player TextFormat.tabStops use after free attempt - off / drop / drop
Medium Priority
GID - SID - Rule Group - Rule Message - Policy State (Con. / Bal. / Sec.)
1 - 37154 - SERVER-OTHER - OpenSSL invalid RSASSA-PSS certificate denial of service attempt - off / off / off
1 - 37155 - SERVER-OTHER - OpenSSL invalid RSASSA-PSS certificate denial of service attempt - off / off / off
1 - 37169 - FILE-FLASH - Adobe Flash Player heap memory disclosure via custom valueOf handler attempt - off / drop / drop
1 - 37170 - FILE-FLASH - Adobe Flash Player heap memory disclosure via custom valueOf handler attempt - off / drop / drop
1 - 37171 - FILE-FLASH - Adobe Flash Player heap memory disclosure via custom valueOf handler attempt - off / drop / drop
1 - 37172 - FILE-FLASH - Adobe Flash Player heap memory disclosure via custom valueOf handler attempt - off / drop / drop
1 - 37173 - FILE-FLASH - Adobe Flash Player heap memory disclosure via custom valueOf handler attempt - off / drop / drop
1 - 37174 - FILE-FLASH - Adobe Flash Player heap memory disclosure via custom valueOf handler attempt - off / drop / drop
1 - 37175 - FILE-FLASH - Adobe Flash Player heap memory disclosure via custom valueOf handler attempt - off / drop / drop
1 - 37176 - FILE-FLASH - Adobe Flash Player heap memory disclosure via custom valueOf handler attempt - off / drop / drop

Updated Rules:

Updated rules can be found at this link.