*** EX RELS 03344 Release ***

Total number of signatures: 6032

Description
==================================================================
In this signature release, we addressed the exploits/vulnerabilities and applications listed below:

Added 8 rule(s):
---------------
1133974 FILE Adobe Flash Player Memory Corruption (CVE-2017-11282)
1133975 FILE Adobe Flash Player Memory Corruption (CVE-2017-11281)
1133978 WEB D-Link DIR-850L inet_ipv4 Command Injection Vulnerability
1133981 FILE Microsoft Office Composite Moniker CVE-2017-8570 Code Execution (CVE-2017-8570)
1133985 DB PostgreSQL Database Core Server non-libpq Client Policy Bypass (CVE-2017-7546)
1133988 WEB D-Link Multiple Product hnap Remote Code Execution
1133997 RPC Oracle Solaris RPC CVE-2017-3623 Heap Buffer Overflow -1 (CVE-2017-3623)
1134002 WEB-CLIENT Microsoft .NET Framework Remote Code Execution Vulnerability (CVE-2017-8759)

Modified 153 rule(s):
---------------
1049802 WEB Directory Traversal -4
1053478 TCP port 3 traffic (eg. Compression Process)
1053480 TCP port 7 traffic (eg. Echo)
1053486 TCP port 19 traffic (eg. Character Generator)
1053493 UDP port 22 traffic (eg. Secure Shell (SSH))
1053496 UDP port 3 traffic (eg. Compression Process)
1053498 UDP port 7 traffic (eg. Echo)
1053499 UDP port 9 traffic (eg. Discard)
1053501 UDP port 13 traffic (eg. NTP)
1053504 UDP port 19 traffic (eg. Character Generator)
1053508 UDP port 37 traffic (eg. NTP)
1053520 TCP port 53 traffic (eg. DNS)
1053521 UDP port 53 traffic (eg. DNS)
1053526 TCP port 58 traffic (eg. XNS Mail)
1053527 UDP port 58 traffic (eg. XNS Mail)
1053528 UDP port 67 traffic (eg. BOOTP)
1053529 UDP port 68 traffic (eg. BOOTP)
1053574 UDP port 138 traffic (eg. SMB)
1053575 UDP port 137 traffic (eg. NBNS)
1056078 WEB Hashtable Collisions
1060293 TCP port 554 traffic (eg. RTSP)
1060294 UDP port 554 traffic (eg. RTSP)
1060296 TCP port 57 traffic (eg. MTP, Mail Transfer Protocol)
1060301 TCP port 556 traffic (eg. Remote File System)
1060303 TCP port 158 traffic (eg. Distributed Mail Service Protocol)
1060304 UDP port 158 traffic (eg. Distributed Mail Service Protocol)
1060307 TCP port 323 traffic (eg. Internet Message Mapping Protocol)
1060308 UDP port 323 traffic (eg. Internet Message Mapping Protocol)
1060309 TCP port 402 traffic (eg. Altiris Deployment Client)
1060311 TCP port 411 traffic (eg. DirectConnect)
1060312 TCP port 412 traffic (eg. DirectConnect)
1060314 TCP port 502 traffic (eg. Modbus)
1060315 UDP port 502 traffic (eg. Modbus)
1060318 UDP port 115 traffic (eg. Ndmp)
1060320 UDP port 117 traffic (eg. UUCP)
1060321 TCP port 652 traffic (eg. Dynamic Tunnel Configuration Protocol)
1060329 TCP port 783 traffic (eg. SpamAssassin)
1060330 TCP port 829 traffic (eg. Certificate Management Protocol)
1060333 TCP port 901 traffic (eg. SWAT)
1060334 TCP port 119 traffic (eg. NNTP)
1060340 TCP port 981 traffic (eg. SofaWare)
1060341 TCP port 999 traffic (eg. ScimoreDB)
1060343 UDP port 135 traffic (eg. DCE endpoint resolution)
1060349 UDP port 139 traffic (eg. NetBIOS)
1060350 TCP port 143 traffic (eg. IMAP4)
1060351 UDP port 143 traffic (eg. IMAP4)
1060352 TCP port 152 traffic (eg. Background File Transfer)
1060353 UDP port 152 traffic (eg. Background File Transfer)
1060356 TCP port 156 traffic (eg. MSSQL)
1060357 UDP port 156 traffic (eg. MSSQL)
1060359 UDP port 161 traffic (eg. SNMP)
1060361 UDP port 162 traffic (eg. SNMP)
1060369 TCP port 209 traffic (eg. Quick Mail)
1060370 UDP port 209 traffic (eg. Quick Mail)
1060375 TCP port 563 traffic (eg. NNTP)
1060376 UDP port 563 traffic (eg. NNTP)
1060377 TCP port 220 traffic (eg. IMAP4)
1060378 UDP port 220 traffic (eg. IMAP4)
1060384 TCP port 308 traffic (eg. Novastor)
1060391 TCP port 366 traffic (eg. ODMR)
1060392 UDP port 366 traffic (eg. ODMR)
1060393 TCP port 369 traffic (eg. Rpc2portmap)
1060394 UDP port 369 traffic (eg. Rpc2portmap)
1060397 TCP port 383 traffic (eg. HP data alarm manager)
1060398 UDP port 383 traffic (eg. HP data alarm manager)
1060409 TCP port 587 traffic (eg. SMTP)
1060412 TCP port 591 traffic (eg. FileMaker)
1060415 TCP port 593 traffic (eg. RPC, Remote procedure call)
1060416 UDP port 593 traffic (eg. RPC, Remote procedure call)
1060422 UDP port 636 traffic (eg. LDAP)
1060434 UDP port 666 traffic (eg. Doom)
1060436 TCP port 691 traffic (eg. MS Exchange Server)
1060437 TCP port 692 traffic (eg. Hyperwave)
1060443 TCP port 702 traffic (eg. IRIS, Internet Registry Information Service)
1060444 TCP port 706 traffic (eg. Secure Internet Live Conferencing)
1060445 TCP port 711 traffic (eg. Cisco protocol)
1060447 TCP port 749 traffic (eg. Kerberos)
1060448 UDP port 749 traffic (eg. Kerberos)
1060462 TCP port 873 traffic (eg. rsync)
1060464 UDP port 953 traffic (eg. DNS)
1060466 UDP port 989 traffic (eg. FTP Secure)
1060468 UDP port 990 traffic (eg. FTP Secure)
1060472 UDP port 992 traffic (eg. Telnet)
1060476 UDP port 445 traffic (eg. SMB File Transfer)
1060477 TCP port 464 traffic (eg. Kerberos)
1060478 UDP port 464 traffic (eg. Kerberos)
1060485 UDP port 512 traffic (eg. Biff)
1060489 UDP port 514 traffic (eg. SYSLOG)
1060502 TCP port 540 traffic (eg. UUCP)
1060505 TCP port 543 traffic (eg. Kerberos)
1060506 TCP port 544 traffic (eg. Kerberos)
1060508 UDP port 546 traffic (eg. DHCPv6)
1060510 UDP port 547 traffic (eg. DHCPv6)
1060735 TCP port 8081 traffic (eg. HTTP)
1060782 TCP port 1526 traffic (eg. Oracle)
1060783 TCP port 1521 traffic (eg. Oracle)
1060784 TCP port 3872 traffic (eg. Oracle)
1060785 TCP port 2484 traffic (eg. Oracle)
1060786 UDP port 2484 traffic (eg. Oracle)
1060787 TCP port 2483 traffic (eg. Oracle)
1060788 UDP port 2483 traffic (eg. Oracle)
1060789 TCP port 2030 traffic (eg. Oracle)
1060790 TCP port 5432 traffic (eg. PostgreSQL)
1060791 UDP port 5432 traffic (eg. PostgreSQL)
1060796 TCP port 4993 traffic (eg. FTP Applications)
1060797 UDP port 4993 traffic (eg. FTP Applications)
1060800 TCP port 7777 traffic (eg. ICQ/AIM/iChat(Mac))
1060811 TCP port 6679 traffic (eg. IRC)
1060825 TCP port 8080 traffic (eg. HTTP)
1060854 UDP port 1194 traffic (eg. OpenVPN)
1060856 UDP port 4662 traffic (eg. MobileMe)
1060911 TCP port 2700-2800 traffic (eg. KNOwShowGo P2P)
1060913 TCP port 1337 traffic (eg. PowerFolder)
1060914 TCP port 2710 traffic (eg. XBT Client)
1060915 UDP port 2710 traffic (eg. XBT Client)
1060936 TCP port 8008 traffic (eg. IBM HTTP)
1060957 TCP port 1512 traffic (eg. Microsoft WINS)
1061034 TCP port 1025 traffic (eg. NFS)
1061035 UDP port 4069 traffic (eg. Minger)
1061164 UDP port 2001 traffic (eg. CAPTAN)
1061178 TCP port 28960 traffic (eg. Call of Duty 4)
1061332 UDP port 4226 traffic (eg. Aleph One)
1061335 TCP port 31456 traffic (eg. TetriNET)
1061347 TCP port 10308 traffic (eg. Lock-on)
1061348 TCP port 3030 traffic (eg. NetPanzer)
1061349 UDP port 3030 traffic (eg. NetPanzer)
1061361 UDP port 3978 traffic (eg. OpenTTD)
1061380 UDP port 2200 traffic (eg. Tuxanci)
1061460 TCP port 27015 traffic (eg. Half-Life)
1061560 TCP port 1109 traffic (eg. Kerberos)
1062407 TCP port 118 traffic (eg. MSSQL)
1062408 UDP port 118 traffic (eg. MSSQL)
1062409 TCP port 1433 traffic (eg. MSSQL)
1062410 UDP port 1434 traffic (eg. MSSQL)
1062411 TCP port 3306 traffic (eg. MySQL)
1062413 TCP port 6432 traffic (eg. PgBouncer)
1062414 TCP port 19812 traffic (eg. 4D Database)
1132591 TELNET Brute Force Login -1.1021
1132763 WEB-CLIENT Suspicious HTML Iframe Tag -21 (Ransomware Attack Vector)
1133905 SMB Microsoft Windows Search Type Confusion -1 (CVE-2017-8620)
1133906 SMB Microsoft Windows Search Type Confusion -2.1 (CVE-2017-8620)
1133907 SMB Microsoft Windows Search Type Confusion -2.2 (CVE-2017-8620)
1133964 WEB Apache Struts 2 REST plugin Remote Code Execution (CVE-2017-9805)
1190000 TCP port 2375 traffic (eg. Docker)
1190001 TCP port 2376 traffic (eg. Docker)
1190002 TCP port 6881-6889 traffic (eg. BitTorrent)
1190003 TCP port 51413 traffic (eg. BitTorrent-Transmission)
1190004 TCP port 4662 traffic (eg. eDonkey-eMule)
1190021 TCP port 1723 traffic (eg. pptp)
1190024 TCP port 5900 traffic (eg. VNC)
1190028 TCP port 1720 traffic (eg. h323q931)
1190029 TCP port 6001 traffic (eg. X11:1)
1190037 TCP port 5060 traffic (eg. SIP)

Deleted 3 rule(s):
---------------
1133949 FILE Microsoft LNK Remote Code Execution Vulnerability -2.1 (CVE-2017-8464) (old rule)
1133950 FILE JasPer jp2_decode Out of Bounds Read (CVE-2017-9782) (old rule)
1133951 FILE Microsoft LNK Remote Code Execution Vulnerability -2.2 (CVE-2017-8464) (old rule)