* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2017-03-22-001
Previous SRU number: 2017-03-20-001
Applies to:
This SEU number: 1633
Previous SEU: 1631
Applies to:
This is the complete list of rules added in SRU 2017-03-22-001 and SEU 1633.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State columns give the state of each rule in the three default Sourcefire policies: Connectivity (Con.), Balanced (Bal.) and Security (Sec.).
The default passive policy state is the same as the Balanced policy state, except that alert is used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec.
---|---|---|---|---|---|---
3 | 41909 | SERVER-OTHER | Cisco Software Cluster Management Protocol remote code execution attempt | drop | drop | drop |
3 | 41910 | SERVER-OTHER | Cisco Software Cluster Management Protocol remote code execution attempt | drop | drop | drop |
1 | 42049 | SERVER-WEBAPP | dnaLIMS viewAppletFsa.cgi directory traversal attempt | off | off | off |
1 | 42050 | SERVER-WEBAPP | dnaLIMS viewAppletFsa.cgi directory traversal attempt | off | off | off |
1 | 42052 | FILE-FLASH | Adobe Flash Player Primetime TVSDK memory corruption attempt | off | drop | drop |
1 | 42053 | FILE-FLASH | Adobe Flash Player Primetime TVSDK memory corruption attempt | off | drop | drop |
1 | 42054 | PROTOCOL-SCADA | Moxa get SNMP read string attempt | off | off | off |
1 | 42055 | PROTOCOL-SCADA | Moxa password retrieval attempt | off | off | off |
1 | 42056 | PROTOCOL-SCADA | Moxa password retrieval attempt | off | off | off |
1 | 42057 | PROTOCOL-SCADA | Moxa unlock function code attempt | off | off | off |
1 | 42058 | PROTOCOL-SCADA | Moxa unlock function code attempt | off | off | off |
1 | 42059 | MALWARE-CNC | Win.Ransomware.Sage variant outbound connection | off | drop | drop |
3 | 42061 | SERVER-WEBAPP | Cisco IOS XE webui software upgrade command injection attempt | off | off | drop |
1 | 42064 | SERVER-OTHER | kaskad SCADA daserver heap overflow exploitation attempt | off | off | off |
1 | 42065 | SERVER-OTHER | kaskad SCADA daserver heap overflow exploitation attempt | off | off | off |
1 | 42066 | SERVER-WEBAPP | Wordpress plugin arbitrary file deletion attempt | off | off | off |
1 | 42067 | POLICY-OTHER | Aviosys IP Power 9258 W2 management.asp information disclosure | off | off | off |
1 | 42068 | POLICY-OTHER | Aviosys IP Power 9258 W2 default login attempt | off | off | off |
3 | 42069 | SERVER-OTHER | Cisco IOS XE DHCP vendor class identifier format string exploit attempt | off | off | off |
1 | 42072 | SERVER-WEBAPP | Aultware pwStore denial of service attempt | off | off | off |
GID | SID | Rule Group | Rule Message | Con. | Bal. | Sec.
---|---|---|---|---|---|---
3 | 42051 | SERVER-OTHER | Cisco IOS autonomic networking discovery denial of service attempt | off | off | drop |
3 | 42060 | SERVER-OTHER | Cisco IOS DHCP client dummy XID denial of service attempt | off | off | off |
1 | 42062 | SERVER-WEBAPP | xArrow heap corruption exploitation attempt | off | off | off |
1 | 42063 | SERVER-WEBAPP | xArrow null pointer denial of service exploitation attempt | off | off | off |
3 | 42070 | SERVER-OTHER | Cisco IOS L2TP invalid message digest AVP denial of service attempt | off | off | off |
3 | 42071 | SERVER-WEBAPP | Cisco IOS XE webui denial of service attempt | off | off | off |
Updated rules can be found at this link.