Update Details

Update #2362 (04/09/2014)

1 new signature:

HIGH

SSL:OPENSSL-TLS-DTLS-HEARTBEAT

SSL: OpenSSL TLS DTLS Heartbeat Information Disclosure

3 renamed application signatures:

Messaging:Mail:LOTUSNOTES	->	Messaging:Mail:LOTUS-NOTES
P2P:File-Sharing:XUNLEI-TCP-MESSAGE	->	P2P:File-Sharing:XUNLEI-TCP
P2P:File-Sharing:GNUCLEUSLAN-CONNECT	->	P2P:File-Sharing:GNUCLEUSLAN

Details of the signatures included within this bulletin:

Messaging:Mail:LOTUS-NOTES - Lotus Notes

Description:

This signature detects Lotus Notes, which is a client-server collaborative software and e-mail system owned by Lotus Software, of the IBM Software Group. Lotus Notes and Domino servers support a proprietary protocol called NotesRPC, commonly known as the Notes protocol. This protocol is usually bound to TCP port 1352, but can also use NetBIOS, Netware SPX, Banyan Vines, and modem dialup for transport. When the clients and servers are located within the same Windows LAN network, NotesRPC is running on the NetBios by default.

Supported On:

srx-branch-11.4, idp-4.1.110110719, mx-11.4, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, idp-5.0.110130325, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, isg-3.5.140347, idp-5.1.110131122, isg-3.5.140407, idp-4.2.110101203, idp-5.1.0, idp-5.0.110121210, idp-4.1.110110609, idp-5.1.110140207, srx-11.4

References:

P2P:File-Sharing:XUNLEI-TCP - Xunlei TCP

Description:

This signature detects Xunlei - Chinese P2P File Sharing Program. The name of program implementation is Thunder.

Supported On:

References:

url: http://www.xunlei.com

SSL:OPENSSL-TLS-DTLS-HEARTBEAT - SSL: OpenSSL TLS DTLS Heartbeat Information Disclosure

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in OpenSSL. An information disclosure vulnerability exists in OpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets. An attacker can leverage this vulnerability to disclose memory contents of a connected client or server. This version only protects OpenSSL SERVERS. For client protection (not Recommended, and for most customers, not needed), please use SSL:OPENSSL-HEARTBEAT-ALTERNATE *instead* of this signature. NOTE: This is a performance-impacting signature, and therefore will NOT be in the pre-defined dynamic group "[Recommended]SSL" but instead in the "[Recommended]Misc_SSL". Alternatively, you can add this signature directly by name to your policy to ensure you have the correct protection.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, isg-3.5.140347, idp-5.1.110131122, isg-3.5.140407, idp-5.1.110140207

References:

url: http://www.openssl.org/news/secadv_20140407.txt
bugtraq: 66690
url: http://heartbleed.com/
cve: CVE-2014-0160

P2P:File-Sharing:GNUCLEUSLAN - GnucleusLAN

Description:

This signature detects GnucleusLAN, which is a Windows application for accessing the Gnutella and G2 networks.