Cisco Talos (VRT) Update for Sourcefire 3D System

* Talos combines our security experts from TRAC, SecApps, and VRT teams.

Date: 2017-12-07

This SRU number: 2017-12-06-001
Previous SRU number: 2017-12-04-001

Applies to:

This SEU number: 1767
Previous SEU: 1766

Applies to:

This is the complete list of rules added in SRU 2017-12-06-001 and SEU 1767.

The format of the file is:

GID - SID - Rule Group - Rule Message - Policy State

The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.

The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.

Note: Unless stated explicitly, the rules are for the series of products listed above.

New Rules:

High Priority
GIDSIDRule GroupRule MessagePolicy State
Con.Bal.Sec.
145109SERVER-WEBAPPOrientDB remote code execution attemptoffoffdrop
145110SERVER-WEBAPPOrientDB privilege escalation attemptoffoffdrop
145112SERVER-WEBAPPManageEngine Applications Manager showresource.do SQL injection attemptoffoffdrop
145113SERVER-WEBAPPManageEngine Applications Manager showresource.do SQL injection attemptoffoffdrop
145114MALWARE-CNCCatch-All malicious Chrome extension dropper outbound connectionoffdropdrop
145117SERVER-WEBAPPHuawei DeviceUpgrade command injection attemptoffdropdrop
Medium Priority
GIDSIDRule GroupRule MessagePolicy State
Con.Bal.Sec.
145107SERVER-OTHERFatek Automation PLC WinProladder buffer overflow attemptoffoffoff
145108PROTOCOL-RPCXDR string allocation denial of service attemptoffoffoff
145111SERVER-WEBAPPOrientDB database query attemptoffoffoff
145115SERVER-MAILMultiple products non-ascii sender address spoofing attemptoffoffdrop
145116SERVER-MAILMultiple products non-ascii sender address spoofing attemptoffoffdrop
145118SERVER-MAILMultiple products non-ascii sender address spoofing attemptoffdropdrop
145119SERVER-MAILMultiple products non-ascii sender address spoofing attemptoffdropdrop

Updated Rules:

Updated rules can be found at this link.