Rule Update
18-049 (September 4, 2018)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1002937* - Integer Overflow In IPP Service Vulnerability
1003824* - License Logging Server Heap Overflow Vulnerability
1004600* - Microsoft Active Directory 'BROWSER ELECTION' Buffer Overflow Vulnerability
1002931* - Microsoft Windows SMB Buffer Underflow Vulnerability
1000972* - Microsoft Windows svcctl ChangeServiceConfig2A() Memory Corruption Vulnerability
1003564* - Print Spooler Load Library Vulnerability
1004401* - Print Spooler Service Impersonation Vulnerability
1003985* - SMB Memory Corruption Vulnerability
1003984* - SMB NTLM Authentication Lack Of Entropy Vulnerability
1003979* - SMB Null Pointer Vulnerability
1003978* - SMB Pathname Overflow Vulnerability
1004346* - SMB Pool Overflow Vulnerability
1004355* - SMB Stack Exhaustion Vulnerability
1004641* - SMB Transaction Parsing Vulnerability (CVE-2011-0661)
1004348* - SMB Variable Validation Vulnerability
1003761* - SMBv2 Infinite Loop Vulnerability
1002975* - Server Service Vulnerability (wkssvc)
1004542* - Windows Netlogon Service Denial Of Service (CVE-2010-2742)
1003712* - Windows Vista SMB2.0 Negotiate Protocol Request Remote Code Execution
DCERPC Services - Client
1004566* - Identified Suspicious Microsoft DLL File Over Network Share
1004304* - Identified Suspicious Microsoft Windows Shortcut File Over Network Share
1004563* - Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Buffer Overflow Vulnerability Over Network Share
1003832* - Microsoft Windows 'KeAccumulateTicks()' SMB2 Packet Remote Denial Of Service Vulnerability
1004053* - Microsoft Windows CHM Notepad Remote Code Execution
1004094* - SMB Client Memory Allocation Vulnerability
1004100* - SMB Client Message Size Vulnerability
1003973* - SMB Client Pool Corruption Vulnerability
1003980* - SMB Client Race Condition Vulnerability
1004096* - SMB Client Response Parsing Vulnerability
1004637* - SMB Client Response Parsing Vulnerability (CVE-2011-0660)
1004095* - SMB Client Transaction Vulnerability
DHCP Client
1000861* - Microsoft Windows DHCP Client Service Remote Code Execution
DNS Client
1002537* - Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability
1002358* - Adobe Multiple Products PDF JavaScript Method Buffer Overflow
1003328* - Disallow Intra-Site Automatic Tunnel Addressing Protocol
1003189* - Malware AGENT.BTZ Domain Blocker
1000468* - Microsoft Word Malformed Object Pointer Remote Code Execution
1003133* - Pointer Reference Memory Corruption Vulnerability Domain Blocker
Database Oracle
1009179* - Oracle Database Server 'ORACLE.EXE' Buffer Overflow Vulnerability (CVE-2003-0095)
1000407* - Oracle Database Server Buffer Overflow In Interval And Timestamp Functions
ISC DHCP OMAPI
1008902* - Identified Too Many DHCP OMAPI Connections
Microsoft Office
1009173 - Microsoft Excel Information Disclosure Vulnerability (CVE-2018-8163)
Web Application Common
1008959* - ImageMagick Multiple Security Vulnerabilities (Server) - 13
1008963 - ImageMagick Multiple Security Vulnerabilities (Server) - 16
1008972 - ImageMagick Multiple Security Vulnerabilities (Server) - 20
1008976 - ImageMagick Multiple Security Vulnerabilities (Server) - 22
1008978 - ImageMagick Multiple Security Vulnerabilities (Server) - 24
Web Application PHP Based
1009157 - Joomla Component Ekrishta SQL Injection Vulnerability (CVE-2018-12254)
1009263 - PHP 'exif_process_IFD_in_MAKERNOTE' Buffer Over Read Vulnerability (CVE-2018-14851)
1009261 - PHP 'exif_thumbnail_extract' Heap Overflow Vulnerability (CVE-2018-14883)
1008815 - PHP Heap Based Buffer Overflow Vulnerability (CVE-2017-16642)
Web Client Common
1008960 - ImageMagick Multiple Security Vulnerabilities (Client) - 16
1008971 - ImageMagick Multiple Security Vulnerabilities (Client) - 20
1008975 - ImageMagick Multiple Security Vulnerabilities (Client) - 22
1008977 - ImageMagick Multiple Security Vulnerabilities (Client) - 24
Web Server Common
1007185* - Java Unserialize Remote Code Execution Vulnerability
Web Server Miscellaneous
1009265* - Apache Struts OGNL Expression Remote Command Execution Vulnerability (CVE-2018-11776)
Windows Services RPC Server DCERPC
1003766* - Local Security Authority Subsystem Service Integer Overflow Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1002937* - Integer Overflow In IPP Service Vulnerability
1003824* - License Logging Server Heap Overflow Vulnerability
1004600* - Microsoft Active Directory 'BROWSER ELECTION' Buffer Overflow Vulnerability
1002931* - Microsoft Windows SMB Buffer Underflow Vulnerability
1000972* - Microsoft Windows svcctl ChangeServiceConfig2A() Memory Corruption Vulnerability
1003564* - Print Spooler Load Library Vulnerability
1004401* - Print Spooler Service Impersonation Vulnerability
1003985* - SMB Memory Corruption Vulnerability
1003984* - SMB NTLM Authentication Lack Of Entropy Vulnerability
1003979* - SMB Null Pointer Vulnerability
1003978* - SMB Pathname Overflow Vulnerability
1004346* - SMB Pool Overflow Vulnerability
1004355* - SMB Stack Exhaustion Vulnerability
1004641* - SMB Transaction Parsing Vulnerability (CVE-2011-0661)
1004348* - SMB Variable Validation Vulnerability
1003761* - SMBv2 Infinite Loop Vulnerability
1002975* - Server Service Vulnerability (wkssvc)
1004542* - Windows Netlogon Service Denial Of Service (CVE-2010-2742)
1003712* - Windows Vista SMB2.0 Negotiate Protocol Request Remote Code Execution
DCERPC Services - Client
1004566* - Identified Suspicious Microsoft DLL File Over Network Share
1004304* - Identified Suspicious Microsoft Windows Shortcut File Over Network Share
1004563* - Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Buffer Overflow Vulnerability Over Network Share
1003832* - Microsoft Windows 'KeAccumulateTicks()' SMB2 Packet Remote Denial Of Service Vulnerability
1004053* - Microsoft Windows CHM Notepad Remote Code Execution
1004094* - SMB Client Memory Allocation Vulnerability
1004100* - SMB Client Message Size Vulnerability
1003973* - SMB Client Pool Corruption Vulnerability
1003980* - SMB Client Race Condition Vulnerability
1004096* - SMB Client Response Parsing Vulnerability
1004637* - SMB Client Response Parsing Vulnerability (CVE-2011-0660)
1004095* - SMB Client Transaction Vulnerability
DHCP Client
1000861* - Microsoft Windows DHCP Client Service Remote Code Execution
DNS Client
1002537* - Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability
1002358* - Adobe Multiple Products PDF JavaScript Method Buffer Overflow
1003328* - Disallow Intra-Site Automatic Tunnel Addressing Protocol
1003189* - Malware AGENT.BTZ Domain Blocker
1000468* - Microsoft Word Malformed Object Pointer Remote Code Execution
1003133* - Pointer Reference Memory Corruption Vulnerability Domain Blocker
Database Oracle
1009179* - Oracle Database Server 'ORACLE.EXE' Buffer Overflow Vulnerability (CVE-2003-0095)
1000407* - Oracle Database Server Buffer Overflow In Interval And Timestamp Functions
ISC DHCP OMAPI
1008902* - Identified Too Many DHCP OMAPI Connections
Microsoft Office
1009173 - Microsoft Excel Information Disclosure Vulnerability (CVE-2018-8163)
Web Application Common
1008959* - ImageMagick Multiple Security Vulnerabilities (Server) - 13
1008963 - ImageMagick Multiple Security Vulnerabilities (Server) - 16
1008972 - ImageMagick Multiple Security Vulnerabilities (Server) - 20
1008976 - ImageMagick Multiple Security Vulnerabilities (Server) - 22
1008978 - ImageMagick Multiple Security Vulnerabilities (Server) - 24
Web Application PHP Based
1009157 - Joomla Component Ekrishta SQL Injection Vulnerability (CVE-2018-12254)
1009263 - PHP 'exif_process_IFD_in_MAKERNOTE' Buffer Over Read Vulnerability (CVE-2018-14851)
1009261 - PHP 'exif_thumbnail_extract' Heap Overflow Vulnerability (CVE-2018-14883)
1008815 - PHP Heap Based Buffer Overflow Vulnerability (CVE-2017-16642)
Web Client Common
1008960 - ImageMagick Multiple Security Vulnerabilities (Client) - 16
1008971 - ImageMagick Multiple Security Vulnerabilities (Client) - 20
1008975 - ImageMagick Multiple Security Vulnerabilities (Client) - 22
1008977 - ImageMagick Multiple Security Vulnerabilities (Client) - 24
Web Server Common
1007185* - Java Unserialize Remote Code Execution Vulnerability
Web Server Miscellaneous
1009265* - Apache Struts OGNL Expression Remote Command Execution Vulnerability (CVE-2018-11776)
Windows Services RPC Server DCERPC
1003766* - Local Security Authority Subsystem Service Integer Overflow Vulnerability
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
Unveiling AI Agent Vulnerabilities Part V: Securing LLM ServicesTo conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.Read more
Unveiling AI Agent Vulnerabilities Part IV: Database Access VulnerabilitiesHow can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.Read more
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more