Rule Update

17-001 (January 10, 2017)

DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

BIND RNDC
1008099 - ISC BIND rndc Control Channel Denial Of Service Vulnerability (CVE-2016-1285)


DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1008119 - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)


DCERPC Services - Client
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client


DNS Client
1008053* - ISC BIND DNAME Answer Handling Denial Of Service Vulnerability (CVE-2016-8864)
1007740* - ISC BIND Multiple DNS Cookies Denial Of Service Vulnerability (CVE-2016-2088)
1008085 - Nginx DNS UDP Packet Handler Crash Denial Of Service Vulnerability (CVE-2016-0742)


DNS Server
1008092 - ISC BIND Assertion Failure Denial Of Service Vulnerability (CVE-2016-2848)
1008105 - PowerDNS Authoritative Server Long Qname Denial Of Service Vulnerability (CVE-2016-5426)


Directory Server LDAP
1007360 - IBM Domino LDAP Server Remote Execution Vulnerability (CVE-2015-0117)
1007932* - Microsoft Windows Remote Code Execution Vulnerability (CVE-2016-3368)


ISC LightWeight DNS Resolver
1008100 - ISC BIND Long Name Query DOS Vulnerability (CVE-2016-2775)


Microsoft Office
1008116 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0003)


NTP Server Linux
1008040* - NTP AutoKey Malicious Message Multiple Denial Of Service Vulnerabilities
1007383* - NTP Configuration Directive File Overwrite Vulnerability (CVE-2015-7703)
1008086 - NTP Daemon CRYPTO_NAK Denial Of Service Vulnerability (CVE-2016-4957)
1008048* - NTP Mrulist Malicious Query Denial Of Service Vulnerability (CVE-2016-7434)


Novell GroupWise Admin Service
1006822* - Novell Groupwise "poLibMaintenanceFileSave" Security Bypass Vulnerability


SSL Client
1008088 - GnuTLS Libtasn1 ASN.1 DER Infinite Loop Denial Of Service Vulnerability (CVE-2016-4008) - Client


SSL/TLS Server
1008089 - GnuTLS Libtasn1 ASN.1 DER Infinite Loop Denial Of Service Vulnerability (CVE-2016-4008) - Server


Suspicious Client Ransomware Activity
1007704* - Ransomware Network Traffic - 1


Web Application Common
1008050 - ImageMagick Out Of Bounds Array Indexing Denial Of Service Vulnerability (CVE-2016-7799)
1008046 - ImageMagick SGI Coder Out Of Bounds Read Vulnerability (CVE-2016-7101)


Web Application PHP Based
1008096 - Identified Drupal Core system.temporary Information Disclosure Vulnerability
1008118 - Identified Suspicious Upload Of WordPress Plugin
1008038* - PHP GC ZipArchive Class Use After Free Vulnerability (CVE-2016-5773)


Web Client Common
1008049 - ImageMagick Out Of Bounds Array Indexing Denial Of Service Vulnerability (CVE-2016-7799) - 1
1008047 - ImageMagick SGI Coder Out Of Bounds Read Vulnerability (CVE-2016-7101) - 1
1007427* - Microsoft Windows DLL Loading Vulnerabilities Over WebDAV (MS16-014)
1008067* - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)


Web Server Miscellaneous
1008001* - MongoDB Javascript Injection Collection Enumeration Vulnerability


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1003802* - Directory Server – Microsoft Windows Active Directory