April 2016 Page 1 of 13
SOPHOS IPS Signature Update Release Notes
Version: 7.16.18
Release Date: 13th August 2019
Release Information
Upgrade Applicable on: IPS Signature Release Version 7.16.17
Sophos Appliance Models: XG-550, XG-750, XG-650
Upgrade Information
Upgrade type: Automatic
Compatibility Annotations: None
Introduction
This release note for IPS Signature Database Version 7.16.18 lists the new signatures added in this update. The following sections describe the release in detail.
New IPS Signatures
The Sophos Intrusion Prevention System shields the network from known attacks by matching network traffic against the signatures in the IPS Signature Database. These signatures are developed to increase detection coverage while keeping false positives low.
Report false positives to [email protected] along with the details of the affected application.
This IPS release includes Seventy Nine (79) signatures addressing Seventy Six (76) vulnerabilities.
New signatures are added for the following vulnerabilities:
Name | CVE-ID | Category | Severity
BROWSER-IE Microsoft Edge Chakra CVE-2018-0780 AsmJSByteCodeGenerator EmitCall Type Confusion I | CVE-2018-0780 | Browsers | 1
BROWSER-IE Microsoft Edge CVE-2019-1139 Type Confusion Vulnerability | CVE-2019-1139 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2019-1140 Type Confusion Vulnerability | CVE-2019-1140 | Browsers | 2
BROWSER-IE Microsoft Edge CVE-2019-1196 Type Confusion Vulnerability | CVE-2019-1196 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer Invalid Flag Reference Memory Corruption | CVE-2010-3962 | Browsers | 1
FILE-OFFICE Microsoft Windows Image File Handling Information Disclosure | CVE-2016-7212 | Office Tools | 2
FILE-OTHER Adobe Acrobat Pro EMF malformed bitmap rectangle destination out of bounds read attempt | CVE-2018-4886 | Application and Software | 1
FILE-OTHER Adobe Acrobat Pro EMF malformed bitmap rectangle destination out of bounds read attempt | CVE-2018-4886 | Application and Software | 2
FILE-OTHER Microsoft Outlook CVE-2019-1199 Use-After-Free Vulnerability | CVE-2019-1199 | Application and Software | 2
PROTOCOL-OTHER NETBIOS Session Service header length field denial of service attempt | NA | Operating System and Services | 3
PROTOCOL-SCADA IEC 104 force off denial of service attempt | NA | Industrial Control System | 3
PROTOCOL-SCADA Modbus function scan | NA | Industrial Control System | 3
PROTOCOL-SCADA Modbus list scan | NA | Industrial Control System | 3
PROTOCOL-SCADA OMRON-FINS program area protect clear brute force attempt | NA | Industrial Control System | 3
PROTOCOL-SCADA Rockwell Automation RSLinx Classic CIP SendRRData Heap Buffer Overflow | CVE-2018-14821 | Industrial Control System | 1
PROTOCOL-SCADA SCADA Engine OPC Server arbitrary file upload attempt | NA | Industrial Control System | 3
PROTOCOL-TELNET login buffer non-evasive overflow attempt | CVE-2001-0797 | Operating System and Services | 1
PROTOCOL-VOIP BYE flood | NA | VoIP and Instant Messaging | 3
PROTOCOL-VOIP Digium Asterisk IAX2 call number denial of service | CVE-2009-2346 | VoIP and Instant Messaging | 3
PROTOCOL-VOIP Ghost call attack attempt | NA | VoIP and Instant Messaging | 3
PROTOCOL-VOIP INVITE flood | CVE-2008-5180 | VoIP and Instant Messaging | 3
PROTOCOL-VOIP Mr.SIP Invite Request Denial-Of-Service Attempt | NA | VoIP and Instant Messaging | 3
PROTOCOL-VOIP Mr.SIP Subscribe Request Denial-Of-Service Attempt | NA | VoIP and Instant Messaging | 3
PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt | NA | VoIP and Instant Messaging | 1
PROTOCOL-VOIP Response code 405 Method Not Allowed response flood | NA | VoIP and Instant Messaging | 3
PROTOCOL-VOIP SIP REGISTER flood attempt | CVE-2014-2154 | VoIP and Instant Messaging | 1
PROTOCOL-VOIP SIP REGISTER flood attempt | CVE-2014-2154 | VoIP and Instant Messaging | 3
SERVER-APACHE Apache HTTP Server mod_rpaf x-forwarded-for Denial of Service | CVE-2012-3526 | Apache HTTP Server | 2
SERVER-APACHE Apache Tomcat remote JSP file upload attempt | CVE-2017-12617 | Apache HTTP Server | 3
SERVER-IIS Microsoft ASP.NET Bad Request Denial-Of-Service Attempt | CVE-2009-1536 | Microsoft IIS web server | 1
SERVER-IIS Microsoft Windows ASP .NET denial of service attempt | CVE-2014-0253 | Microsoft IIS web server | 1
SERVER-IIS tilde character file name discovery attempt | NA | Microsoft IIS web server | 1
SERVER-MAIL Multiple IMAP Servers APPEND Command Buffer Overflow Attempt | CVE-2006-6425 | Other Mail Server | 1
SERVER-MYSQL MySQL/MariaDB Server Geometry Query Multistring Object Integer Overflow attempt | CVE-2013-1861 | Database Management System | 1
SERVER-MYSQL MySQL/MariaDB Server Geometry Query Object Integer Overflow Attempt | CVE-2013-1861 | Database Management System | 1
SERVER-MYSQL Oracle MySQL Server InnoDB Memcached Plugin Resource Exhaustion Attempt | CVE-2013-1570 | Database Management System | 3
SERVER-MYSQL Oracle MySQL user enumeration attempt | CVE-2012-5615 | Database Management System | 3
SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt | CVE-2016-0492 | Database Management System | 2
SERVER-ORACLE Oracle Application Test Suite Server Authentication Bypass Attempt | CVE-2016-0492 | Database Management System | 2
SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt | CVE-2016-0492 | Other Web Server | 2
SERVER-OTHER Cisco Catalyst Telnet Memory Leak Denial-Of-Service Attempt | NA | Other Web Server | 3
SERVER-OTHER Dhcpcd Packet Size Buffer Overflow Attempt | CVE-2012-2152 | Other Web Server | 1
SERVER-OTHER DHCP Discover Broadcast Flood Attempt | NA | Other Web Server | 3
SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt | CVE-2013-2329 | Other Web Server | 1
SERVER-OTHER HP-UX lpd command execution attempt | CVE-2005-3277 | Other Web Server | 1
SERVER-OTHER IBM Cognos Server Backdoor Account Remote Code Execution Attempt | CVE-2010-0557 | Other Web Server | 1
SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe Stack Buffer Overflow Attempt | CVE-2011-1206 | Other Web Server | 1
SERVER-OTHER ISC BIND 9 DNS rdata Length Handling Remote Denial-Of-Service Attempt | CVE-2013-4854 | Other Web Server | 3
SERVER-OTHER ISC BIND Malformed Control Channel Authentication Message Denial-Of-Service attempt | CVE-2016-1285 | Other Web Server | 3
SERVER-OTHER Java Library CommonsCollection Unauthorized Serialized Object Attempt | CVE-2015-3253 | Other Web Server | 1
SERVER-OTHER Microsoft Active Directory LDAP Search Denial-Of-Service Attempt | CVE-2013-1282 | Other Web Server | 3
SERVER-OTHER MIT Kerberos libkdb_ldap Principal Name Handling Denial-Of-Service Attempt | CVE-2011-0281 | Other Web Server | 3
SERVER-OTHER Multiple Vendors IPMI RAKP Username Brute Force Attempt | CVE-2013-4786 | Other Web Server | 2
SERVER-OTHER Novell NetWare AFP denial of service attempt | CVE-2010-0317 | Other Web Server | 3
SERVER-OTHER NTP mode 6 REQ_NONCE Denial-Of-Service Attempt | CVE-2013-5211 | Other Web Server | 3
SERVER-OTHER NTP mode 6 UNSETTRAP Denial-Of-Service Attempt | CVE-2013-5211 | Other Web Server | 3
SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt | CVE-2014-0160 | Other Web Server | 3
SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt | CVE-2014-3567 | Other Web Server | 1
SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt | CVE-2014-3567 | Other Web Server | 3
SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt | CVE-2014-0160 | Other Web Server | 3
SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt | CVE-2015-3329 | Other Web Server | 1
SERVER-OTHER Products Discovery Service Buffer Overflow | CVE-2006-5143 | Other Web Server | 4
SERVER-OTHER Products Discovery Service Buffer Overflow | CVE-2006-5143 | Other Web Server | 1
SERVER-OTHER Remote Desktop Protocol Brute Force Attempt | CVE-2015-0079 | Other Web Server | 3
SERVER-OTHER rsyslog Remote PRI Out Of Bounds Attempt | CVE-2014-3634 | Other Web Server | 1
SERVER-OTHER Spiffit UDP Denial-Of-Service Attempt | CVE-1999-0194 | Other Web Server | 3
SERVER-OTHER SSLv3 Plaintext Recovery Attempt | CVE-2013-0169 | Other Web Server | 1
SERVER-OTHER TLSv1.1 Plaintext Recovery Attempt | CVE-2013-0169 | Other Web Server | 1
SERVER-OTHER TLSv1.1 POODLE CBC Padding Brute Force Attempt | CVE-2014-8730 | Other Web Server | 2
SERVER-OTHER TLSv1.2 POODLE CBC Padding Brute Force Attempt | CVE-2014-8730 | Other Web Server | 2
SERVER-OTHER vsFTPd Denial-Of-Service Attempt | CVE-2004-2259 | Other Web Server | 3
SERVER-OTHER Windows iSCSI Target Login Request Denial-Of-Service Attempt | CVE-2014-0255 | Other Web Server | 3
SERVER-WEBAPP HPE Intelligent Management Center WebDMServlet Insecure Deserialization | CVE-2017-12558 | Web Services and Applications | 1
SERVER-WEBAPP WECON LeviStudio InstallmentSet InstallmentTrigAddOpen Stack Buffer Overflow | CVE-2019-6537 | Web Services and Applications | 1
SERVER-WEBAPP WECON LeviStudio InstallmentSet InstallmentTrigAddOpen Stack Buffer Overflow | CVE-2019-6537 | Web Services and Applications | 4
• Name: Name of the signature
• CVE-ID: Common Vulnerabilities and Exposures (CVE) identifier of the publicly known vulnerability the signature addresses; NA where no CVE identifier applies
• Category: Class of application, protocol or service the signature protects
• Severity: Degree of severity - the severity levels are described in the table below:
Severity Level Severity Criteria
1 Low
2 Moderate
3 High
4 Critical
Important Notice
Sophos Technologies Pvt. Ltd. has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right to make changes in product design or specifications without notice. Information is subject to change without notice.
RESTRICTED RIGHTS
©1997 - 2019 Sophos Ltd. All rights reserved.
All rights reserved. Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.
Corporate Headquarters
Sophos Technologies Pvt. Ltd.
Reg. Office: Sophos House, Saigulshan Complex,
Beside White House, Panchvati Cross Road,
Ahmedabad – 380006, INDIA
Phone: +91-79-66216666
Fax: +91-79-26407640
Web site: www.sophos.com