17-057 (December 5, 2017)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1008622 - Identified NTLMv1 Authentication Attempt Over SMB
1008660* - Microsoft Windows SMB Out-Of-Bounds Read Denial Of Service Vulnerability (CVE-2017-11781)


DNS Client
1002657* - DNS Insufficient Socket Entropy Vulnerability
1005020* - Detected Too Many DNS Responses With 'No Such Name' Error
1005101* - ISC BIND Zero Length RDATA Denial Of Service Vulnerability
1003928* - Oracle Secure Backup observiced.exe Buffer Overflow


DNS Server
1000836* - Microsoft Windows NAT Helper DNS Query DoS
1000167* - Snort Back Orifice Pre-Processor Buffer Overflow


HP Intelligent Management Center Dbman
1008749 - HPE Intelligent Management Center Dbman Stack Buffer Overflow Vulnerability (CVE-2017-8956)


HP Network Automation
1008676* - HPE Network Automation FileServlet Information Disclosure Vulnerability (CVE-2017-5811)


Mail Server Exim
1008758 - Exim Unix Mailer Multiple Security Vulnerabilities


SSL/TLS Server
1008534* - GnuTLS Proxy Certificate Information Extension Memory Corruption Vulnerability (CVE-2017-5334) - Server


Unix Kerberos
1008561* - Kerberos kadmind Policy Null Pointer Dereference Denial Of Service Vulnerability (CVE-2015-8630)


Web Application PHP Based
1008626* - Drupal Services Module Remote Code Execution Vulnerability
1008548* - PHP Session Data Injection Vulnerability (CVE-2016-7125)


Web Client Common
1008702 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2017-11816)


Web Client Internet Explorer/Edge
1008635* - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11763)


Web Server Miscellaneous
1008751 - Apache CouchDB Remote Code Execution Vulnerabilities (CVE-2017-12635)
1004610* - Oracle Java SE And Java For Business Remote Security Vulnerability (CVE-2010-4476)
1008763 - Red Hat JBoss Application Server 'doFilter' Insecure Deserialization Vulnerability (CVE-2017-12149)


Integrity Monitoring Rules:

1005195* - Microsoft Windows - Log File Attributes Changes Detected
1005193* - Unix - Log File Attributes Changes Detected


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.