Rule Update
17-006 (February 7, 2017)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Backup Server IBM Tivoli Storage Manager FastBack Server
1007357* - IBM Tivoli Storage Manager FastBack Server Buffer Overflow (CVE-2015-1929)
DCERPC Services
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
DCERPC Services - Client
1008138* - Microsoft Windows SMB Tree Connect Response Denial Of Service Vulnerability (CVE-2017-0016)
DNS Client
1008128* - ISC BIND ANY Query Assertion Failure Vulnerability (CVE-2016-9131)
1008115* - ISC BIND DNAME Resource Records Denial Of Service Vulnerability (CVE-2016-1286)
Directory Server LDAP
1007360* - IBM Domino LDAP Server Remote Execution Vulnerability (CVE-2015-0117)
1008051* - Samba Active Directory Server Denial Of Service Vulnerability (CVE-2015-3223)
HP OpenView
1008110* - HP Data Protector Buffer Overflow Vulnerability (CVE-2016-2005)
1008114* - HP Data Protector Multiple Remote Code Execution Vulnerabilities
1008109* - HP Data Protector Remote Code Execution Vulnerability (CVE-2016-2007)
HP OpenView Network Node Manager
1007466* - HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow (CVE-2008-1852)
Microsoft Office
1008075* - Microsoft Office Information Disclosure Vulnerability (CVE-2016-7264)
1008078* - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7289)
NTP Server Linux
1007383* - NTP Configuration Directive File Overwrite Vulnerability (CVE-2015-7703)
1007399* - NTP Long Control Packet Message Denial Of Service Vulnerability (CVE-2015-7855)
1008091* - NTP Oversized UDP Packet Denial Of Service Vulnerability (CVE-2016-9312)
Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
1005283* - Identified Potentially Malicious RAT Traffic - I
1005299* - Identified Potentially Malicious RAT Traffic - III
1005300* - Identified Potentially Malicious RAT Traffic - IV
1005473* - Identified Potentially Malicious RAT Traffic - V
1006247* - Identified Potentially Malicious RAT Traffic - VI
1007116* - VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability
Suspicious Server Application Activity
1005974* - Identified DNS Reflected Denial Of Service
1006560* - Identified Microsoft SQL Server Resolution Service Distributed Denial Of Service Attack
1006240* - Identified NTP Reflected Denial Of Service
1005090* - Identified Potentially Harmful Server Traffic
1005957* - Identified SNMP Reflected Denial Of Service
1005910* - Identified ntpd 'monlist' Query Reflected Denial Of Service Attack
1005517* - Restrict Maximum Packet (Transport Data Length) Size
Unix Kerberos
1008095 - MIT Kerberos 'kadmin' DB Denial Of Service Vulnerability (CVE-2016-3119)
Web Application PHP Based
1007178* - WordPress Font Plugin Path Traversal Vulnerability (CVE-2015-7683)
1008132 - phpMyAdmin RegEx Pattern Modifier Code Injection Vulnerability (CVE-2016-5734)
Web Client Common
1008124* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-01) - 1
1008121* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-01) - 2
1008133* - Cisco WebEx Plugin Magic URL Arbitrary Remote Command Execution Vulnerability
1004114* - Identified Malicious Adobe SWF File
1008139 - Linux Kernel Use After Free Remote Code Execution Vulnerability (CVE-2016-7117)
1008068* - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2016-7272)
1008052* - Mozilla Firefox SVG Animation Use After Free Vulnerability (CVE-2016-9079)
Web Proxy Squid
1008103* - Squid Proxy ESI Response Handler Buffer Overflow Vulnerability (CVE-2016-4054)
1008101 - Squid Proxy ESI Response Processing Denial Of Service Vulnerability (CVE-2016-4555)
Web Server Common
1000473* - Parameter Name Length Restriction
Web Server Miscellaneous
1008120* - Apache Jetspeed Portal Site Manager ZIP File Upload Directory Traversal (CVE-2016-0709)
1008129 - IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2016-5983)
1008097 - Identified Apache Struts Incorrect Default 'excludeParams' Security Bypass Vulnerability
1008093 - Oracle GlassFish Server Username And Password Brute Force Vulnerability (CVE-2011-0807)
Web Server Oracle HTTPS
1003212* - Oracle Secure Backup exec_qr() Command Injection Vulnerability
Windows Services RPC Client DCERPC
1007538* - Windows Client Port Mapper Decoder
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Backup Server IBM Tivoli Storage Manager FastBack Server
1007357* - IBM Tivoli Storage Manager FastBack Server Buffer Overflow (CVE-2015-1929)
DCERPC Services
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
DCERPC Services - Client
1008138* - Microsoft Windows SMB Tree Connect Response Denial Of Service Vulnerability (CVE-2017-0016)
DNS Client
1008128* - ISC BIND ANY Query Assertion Failure Vulnerability (CVE-2016-9131)
1008115* - ISC BIND DNAME Resource Records Denial Of Service Vulnerability (CVE-2016-1286)
Directory Server LDAP
1007360* - IBM Domino LDAP Server Remote Execution Vulnerability (CVE-2015-0117)
1008051* - Samba Active Directory Server Denial Of Service Vulnerability (CVE-2015-3223)
HP OpenView
1008110* - HP Data Protector Buffer Overflow Vulnerability (CVE-2016-2005)
1008114* - HP Data Protector Multiple Remote Code Execution Vulnerabilities
1008109* - HP Data Protector Remote Code Execution Vulnerability (CVE-2016-2007)
HP OpenView Network Node Manager
1007466* - HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow (CVE-2008-1852)
Microsoft Office
1008075* - Microsoft Office Information Disclosure Vulnerability (CVE-2016-7264)
1008078* - Microsoft Office Memory Corruption Vulnerability (CVE-2016-7289)
NTP Server Linux
1007383* - NTP Configuration Directive File Overwrite Vulnerability (CVE-2015-7703)
1007399* - NTP Long Control Packet Message Denial Of Service Vulnerability (CVE-2015-7855)
1008091* - NTP Oversized UDP Packet Denial Of Service Vulnerability (CVE-2016-9312)
Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
1005283* - Identified Potentially Malicious RAT Traffic - I
1005299* - Identified Potentially Malicious RAT Traffic - III
1005300* - Identified Potentially Malicious RAT Traffic - IV
1005473* - Identified Potentially Malicious RAT Traffic - V
1006247* - Identified Potentially Malicious RAT Traffic - VI
1007116* - VMware vCenter Java JMX Server Insecure Configuration Java Code Execution Vulnerability
Suspicious Server Application Activity
1005974* - Identified DNS Reflected Denial Of Service
1006560* - Identified Microsoft SQL Server Resolution Service Distributed Denial Of Service Attack
1006240* - Identified NTP Reflected Denial Of Service
1005090* - Identified Potentially Harmful Server Traffic
1005957* - Identified SNMP Reflected Denial Of Service
1005910* - Identified ntpd 'monlist' Query Reflected Denial Of Service Attack
1005517* - Restrict Maximum Packet (Transport Data Length) Size
Unix Kerberos
1008095 - MIT Kerberos 'kadmin' DB Denial Of Service Vulnerability (CVE-2016-3119)
Web Application PHP Based
1007178* - WordPress Font Plugin Path Traversal Vulnerability (CVE-2015-7683)
1008132 - phpMyAdmin RegEx Pattern Modifier Code Injection Vulnerability (CVE-2016-5734)
Web Client Common
1008124* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-01) - 1
1008121* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-01) - 2
1008133* - Cisco WebEx Plugin Magic URL Arbitrary Remote Command Execution Vulnerability
1004114* - Identified Malicious Adobe SWF File
1008139 - Linux Kernel Use After Free Remote Code Execution Vulnerability (CVE-2016-7117)
1008068* - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2016-7272)
1008052* - Mozilla Firefox SVG Animation Use After Free Vulnerability (CVE-2016-9079)
Web Proxy Squid
1008103* - Squid Proxy ESI Response Handler Buffer Overflow Vulnerability (CVE-2016-4054)
1008101 - Squid Proxy ESI Response Processing Denial Of Service Vulnerability (CVE-2016-4555)
Web Server Common
1000473* - Parameter Name Length Restriction
Web Server Miscellaneous
1008120* - Apache Jetspeed Portal Site Manager ZIP File Upload Directory Traversal (CVE-2016-0709)
1008129 - IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2016-5983)
1008097 - Identified Apache Struts Incorrect Default 'excludeParams' Security Bypass Vulnerability
1008093 - Oracle GlassFish Server Username And Password Brute Force Vulnerability (CVE-2011-0807)
Web Server Oracle HTTPS
1003212* - Oracle Secure Backup exec_qr() Command Injection Vulnerability
Windows Services RPC Client DCERPC
1007538* - Windows Client Port Mapper Decoder
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
Unveiling AI Agent Vulnerabilities Part V: Securing LLM ServicesTo conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.Read more
Unveiling AI Agent Vulnerabilities Part IV: Database Access VulnerabilitiesHow can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.Read more
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more