*** EX RELS 03341 Release ***

Total number of signatures: 6024

Description
==================================================================
This signature release addresses the following exploits/vulnerabilities and applications:

Added 14 rule(s):
---------------
1133896 SMB Samba Writeable Share Insecure Library Loading -4 (CVE-2017-7494)
1133897 WEB Apache Http2 Null Pointer Dereference (CVE-2017-7659)
1133898 RPC Oracle Solaris RPC Remote Code Execution (CVE-2017-3623)
1133899 IMAP IBM Lotus Domino IMAP Server Buffer Overflow -2 (CVE-2007-3510)
1133900 FILE Nitro Pro PDF Reader Javascript API Remote Code Execution (CVE-2017-7442)
1133901 DNS ISC BIND RPZ Query Processing Denial of Service (CVE-2017-3140)
1133902 WEB VICIdial user_authorization Unauthenticated Command Execution
1133903 EXPLOIT HPE Intelligent Management Center imcwlandm UserName Stack Buffer Overflow (CVE-2017-5805)
1133904 EXPLOIT HPE Intelligent Management Center imcwlandm SSID Stack Buffer Overflow (CVE-2017-5806)
1133905 SMB Microsoft Windows Search Type Confusion -1 (CVE-2017-8260)
1133906 SMB Microsoft Windows Search Type Confusion -2.1 (CVE-2017-8260)
1133907 SMB Microsoft Windows Search Type Confusion -2.2 (CVE-2017-8260)
1160602 VOIP TeamSpeak access via SSL -1
1160603 MEDIA PPTV access via UDP -1

Modified 18 rule(s):
---------------
1053109 MEDIA PPTV access via TCP -2
1054160 MEDIA PPTV access via TCP -3
1057832 WEB PHP Arbitrary Code Injection -7
1058608 FILE Invalid XML Version -1
1060358 TCP port 161 traffic (eg. SNMP)
1060367 TCP port 201 traffic (eg. AppleTalk Routing Maintenance)
1063676 FILE Naver Cloud login via SSL -1
1065447 MEDIA iQIYI/PPS media via UDP -5
1066882 FILE Naver Cloud access via TCP -1
1067167 FILE Naver Cloud access via TCP -2
1067170 FILE Naver Cloud access via TCP -3
1067953 IM AIM/ICQ/iIM access via SSL -1
1069531 VOIP TeamSpeak login via UDP -3
1110433 IMAP IMAP SUBSCRIBE Command buffer overflow
1132092 FILE Invalid XML Version -2
1133774 FILE Microsoft LNK Remote Code Execution Vulnerability (CVE-2017-8464)
1133855 WEB GoAhead IPCam Remote Code Execution -2
1160101 IM AIM/ICQ/iIM access via SSL -4

Deleted 35 rule(s):
---------------
1056645 EXPLOIT Novell NFR Agent Heap Overflow Vulnerability (CVE-2012-4956) (old rule)
1056647 WEB Novell NFR Agent SRS Record Arbitrary Remote File Access (CVE-2012-4957) (old rule)
1056654 EXPLOIT EMC AutoStart ftAgent.exe Multiple Integer Overflow Vulnerabilities -3 (CVE-2012-0409) (old rule)
1056657 EXPLOIT EMC AutoStart ftAgent.exe Multiple Integer Overflow Vulnerabilities -6 (CVE-2012-0409) (old rule)
1056659 EXPLOIT EMC AutoStart ftAgent.exe Multiple Integer Overflow Vulnerabilities -8 (CVE-2012-0409) (old rule)
1056660 EXPLOIT EMC AutoStart ftAgent.exe Multiple Integer Overflow Vulnerabilities -9 (CVE-2012-0409) (old rule)
1056734 SMB Microsoft Print Spooler Service Format String Remote Code Execution (CVE-2012-1851) (old rule)
1056867 SSH Symantec Messaging Gateway Default SSH Password -2 (CVE-2012-3579) (old rule)
1056881 SSL GnuTLS TLS Record Application GenericBlockCipher Parsing Integer Overflow -3 (CVE-2012-1573) (old rule)
1056884 WEB Symantec Web Gateway blocked.php Blind SQL Injection -2 (CVE-2012-2574) (old rule)
1057030 EXPLOIT Novell eDirectory NCP Stack Buffer Overflow (CVE-2012-0432) (old rule)
1057240 SSL GnuTLS libtasn1 ASN1 Length DER Decoding Buffer Overflow -3 (CVE-2012-1569) (old rule)
1057241 SSL GnuTLS libtasn1 ASN1 Length DER Decoding Buffer Overflow -4 (CVE-2012-1569) (old rule)
1057251 EXPLOIT CA ARCserve Backup Authentication Service Denial of Service (CVE-2012-2972) (old rule)
1057252 EXPLOIT Apple QuickTime TeXML Style Element Text Specification Buffer Overflow -1 (CVE-2012-3752) (old rule)
1057297 FILE WellinTech KingView KingMess Log File Parsing Buffer Overflow -1 (CVE-2012-4711) (old rule)
1057320 WEB-ACTIVEX Novell GroupWise Client for Windows ActiveX Code Execution -2 (CVE-2012-0439) (old rule)
1057321 WEB Webmin show.cgi Command Execution (CVE-2012-2982) (old rule)
1057328 WEB Apache HTTP Server mod_rpaf x-forwarded-for Denial of Service -2 (CVE-2012-3526) (old rule)
1057329 EXPLOIT FreeRADIUS Client Certificate Verification Stack Buffer Overflow (CVE-2012-3547) (old rule)
1057331 FILE Apple QuickTime Targa File Buffer Overflow -1 (CVE-2012-3755) (old rule)
1057333 WEB Avaya IP Office Customer Call Reporter ImageUpload.ashx Unrestricted File Upload -1 (CVE-2012-3811) (old rule)
1057334 WEB Avaya IP Office Customer Call Reporter ImageUpload.ashx Unrestricted File Upload -2 (CVE-2012-3811) (old rule)
1057340 WEB Apache Tomcat NIO Connector Denial of Service -1 (CVE-2012-4534) (old rule)
1057341 WEB Apache Tomcat NIO Connector Denial of Service -2 (CVE-2012-4534) (old rule)
1057348 RPC EMC NetWorker nsrindexd RPC Service Buffer Overflow -1 (CVE-2012-4607) (old rule)
1057368 FILE Adobe Camera Raw Plug-in TIFF Image Processing Buffer Underflow (CVE-2012-5679) (old rule)
1057487 EXPLOIT Portable SDK for UPnP Devices libupnp Device Service Name Stack Buffer -3 (CVE-2012-5958) (old rule)
1057651 SCADA 3S Smart Software Solutions CoDeSys Gateway Server Stack Buffer Overflow (CVE-2012-4708) (old rule)
1057758 FILE CoolPDF Reader Image Stream Processing Buffer Overflow -3 (CVE-2012-4914) (old rule)
1057759 FILE CoolPDF Reader Image Stream Processing Buffer Overflow -4 (CVE-2012-4914) (old rule)
1057808 WEB-ACTIVEX McAfee Virtual Technician ActiveX Control Insecure Method Exposure -1 (CVE-2012-5879) (old rule)
1067168 FILE Naver Ndrive transfer-upload via TCP -1 (old rule)
1067169 FILE Naver Ndrive transfer-download via TCP -1 (old rule)
1133891 EXPLOIT Zabbix Server Active Proxy Trapper Command Injection -2 (CVE-2017-2824) (old rule)