* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2017-01-09-001
Previous SRU number: 2017-01-05-001
Applies to:
This SEU number: 1594
Previous SEU: 1593
Applies to:
This is the complete list of rules modified in SRU 2017-01-09-001 and SEU 1594.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State column gives the rule's state in each of the three default Sourcefire policies: Connectivity (Con.), Balanced (Bal.) and Security (Sec.).
The default passive policy state is the same as the Balanced policy state, except that alert is used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
---|---|---|---|---|---|---|
1 | 17549 | BROWSER-IE | Microsoft Internet Explorer Error Handling Code Execution | off | off | off |
3 | 24973 | NETBIOS | SMB Trans2 FIND_FIRST2 response file name length overflow attempt | off | off | drop |
1 | 26021 | FILE-PDF | Adobe Acrobat Reader XML Java used in app.setTimeOut | off | drop | drop |
1 | 28240 | SERVER-WEBAPP | D-Link DIR-100 User-Agent backdoor access attempt | off | off | drop |
1 | 33419 | BROWSER-IE | Microsoft Internet Explorer CTreePos use after free attempt | off | drop | drop |
1 | 33420 | BROWSER-IE | Microsoft Internet Explorer CTreePos use after free attempt | off | drop | drop |
1 | 34479 | FILE-EXECUTABLE | Adobe Flash Player Internet Explorer broker process directory traversal attempt | off | off | off |
1 | 34480 | FILE-EXECUTABLE | Adobe Flash Player Internet Explorer broker process directory traversal attempt | off | off | off |
1 | 36873 | FILE-FLASH | Adobe Flash Player AS2 ActionCallMethod use-after-free attempt | off | drop | drop |
1 | 36874 | FILE-FLASH | Adobe Flash Player AS2 ActionCallMethod use-after-free attempt | off | drop | drop |
1 | 37009 | BROWSER-IE | Microsoft Internet Explorer TextBlock object use after free attempt | off | drop | drop |
1 | 37010 | BROWSER-IE | Microsoft Internet Explorer TextBlock object use after free attempt | off | drop | drop |
1 | 37069 | FILE-FLASH | Adobe Flash Player object Filters type confusion use after free attempt | off | drop | drop |
1 | 37070 | FILE-FLASH | Adobe Flash Player object Filters type confusion use after free attempt | off | drop | drop |
1 | 38081 | BROWSER-IE | Microsoft Internet Explorer SetItem use after free attempt | off | drop | drop |
1 | 38082 | BROWSER-IE | Microsoft Internet Explorer SetItem use after free attempt | off | drop | drop |
1 | 38225 | FILE-FLASH | Adobe Flash Player invalid FLV header out of bounds write attempt | off | off | drop |
1 | 38226 | FILE-FLASH | Adobe Flash Player invalid FLV header out of bounds write attempt | off | off | drop |
3 | 38323 | FILE-OTHER | TRUFFLEHUNTER TALOS-CAN-0093 attack attempt | off | off | off |
3 | 38324 | FILE-OTHER | TRUFFLEHUNTER TALOS-CAN-0093 attack attempt | off | off | off |
1 | 38507 | BROWSER-IE | Microsoft Internet Explorer ConvertStringFromUnicodeEx out of bounds write attempt | off | drop | drop |
1 | 38508 | BROWSER-IE | Microsoft Internet Explorer ConvertStringFromUnicodeEx out of bounds write attempt | off | drop | drop |
1 | 38980 | FILE-PDF | Adobe Acrobat Reader malformed FlateDecode stream use after free attempt | off | drop | drop |
1 | 38981 | FILE-PDF | Adobe Acrobat Reader malformed FlateDecode stream use after free attempt | off | drop | drop |
1 | 39100 | FILE-PDF | Adobe Reader Universal 3D engine out of bounds memory access violation attempt | off | off | drop |
1 | 39101 | FILE-PDF | Adobe Reader Universal 3D engine out of bounds memory access violation attempt | off | off | drop |
1 | 39131 | FILE-PDF | Adobe Acrobat Reader Acroform engine memory corruption attempt | off | drop | drop |
1 | 39132 | FILE-PDF | Adobe Acrobat Reader Acroform engine memory corruption attempt | off | drop | drop |
1 | 39308 | FILE-FLASH | Adobe Flash Player malformed ATF file length load buffer overflow attempt | off | drop | drop |
1 | 39309 | FILE-FLASH | Adobe Flash Player malformed ATF file length load buffer overflow attempt | off | drop | drop |
1 | 39318 | FILE-FLASH | Adobe Flash Player ShimOpportunityGenerator out of bounds memory access attempt | off | drop | drop |
1 | 39319 | FILE-FLASH | Adobe Flash Player ShimOpportunityGenerator out of bounds memory access attempt | off | drop | drop |
1 | 39656 | FILE-FLASH | Adobe Flash Player JPEG handling memory corruption attempt | off | drop | drop |
1 | 39657 | FILE-FLASH | Adobe Flash Player JPEG handling memory corruption attempt | off | drop | drop |
1 | 39658 | FILE-FLASH | Adobe Flash Player Transform getter use after free attempt | off | drop | drop |
1 | 39659 | FILE-FLASH | Adobe Flash Player Transform getter use after free attempt | off | drop | drop |
1 | 39703 | FILE-PDF | Adobe Flash Player ActionScript setFocus use after free attempt | off | drop | drop |
1 | 39704 | FILE-PDF | Adobe Flash Player ActionScript setFocus use after free attempt | off | drop | drop |
1 | 40431 | FILE-PDF | Adobe Acrobat Reader XML Java used in app.setTimeOut | off | drop | drop |
3 | 40934 | FILE-EXECUTABLE | TRUFFLEHUNTER TALOS-2016-0217 attack attempt | off | drop | drop |
3 | 40935 | FILE-EXECUTABLE | TRUFFLEHUNTER TALOS-2016-0217 attack attempt | off | drop | drop |
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec. |
---|---|---|---|---|---|---|
1 | 38810 | FILE-OFFICE | Microsoft Office wwlib out of bounds memory access attempt | off | off | drop |
1 | 38811 | FILE-OFFICE | Microsoft Office wwlib out of bounds memory access attempt | off | off | drop |
1 | 38812 | FILE-OFFICE | Microsoft Office wwlib out of bounds memory access attempt | off | off | drop |
1 | 38813 | FILE-OFFICE | Microsoft Office wwlib out of bounds memory access attempt | off | off | drop |
1 | 38814 | FILE-OFFICE | Microsoft Office wwlib out of bounds memory access attempt | off | off | drop |
1 | 38815 | FILE-OFFICE | Microsoft Office wwlib out of bounds memory access attempt | off | off | drop |
1 | 40759 | OS-WINDOWS | Microsoft Windows LSASS GSS-API DER decoding null pointer dereference attempt | off | off | drop |