Update Details
Update #3087 (07/31/2018)
10 deprecated signatures:
| HIGH | DOS:WINDOWS:WINNUKE-NETBIOS | DOS: WinNuke (netbios) | Removal Date: 08/23/2018 | Reason For Deprecation: Very old cve sig for EOS products. |
| MEDIUM | SMB:MS-WIN-2000-LANMAN-UDP-DOS | SMB: Microsoft Windows 2000 Lanman UDP Denial of Service | Removal Date: 08/23/2018 | Reason For Deprecation: Very old cve sig for EOS products. |
| INFO | SCAN:MISC:HTTP:FINGER-PROBE | SCAN: Finger Probe | Removal Date: 08/23/2018 | Reason For Deprecation: This signature is for End of support products. |
| HIGH | DOS:IP:IGMP-OVERSIZE | DOS: IGMP Oversize | Removal Date: 08/23/2018 | Reason For Deprecation: This signature is for End of support products. |
| HIGH | NETBIOS:DOS:RFPOISON | NETBIOS RFPoision DOS Attack | Removal Date: 08/23/2018 | Reason For Deprecation: Very old cve sig for EOS products. |
| MEDIUM | FINGER:USER:ROOT | FINGER: User "root" | Removal Date: 08/23/2018 | Reason For Deprecation: Very old cve sig for EOS products. |
| MEDIUM | HTTP:STC:CLSID:ACTIVEX:WH32-OF | HTTP: WinHelp32.exe Remote Buffer Overrun | Removal Date: 08/23/2018 | Reason For Deprecation: Very old cve sig for EOS products. |
| LOW | SCAN:CYBERCOP:FINGER-QUERY | SCAN: Cybercop Finger Query | Removal Date: 08/23/2018 | Reason For Deprecation: This signature is for End of support products. |
| MEDIUM | FINGER:USER:SLASH-FILE | FINGER: / File Query | Removal Date: 08/23/2018 | Reason For Deprecation: This signature is for End of support products. |
| HIGH | IP:SRC-ROUTE-OF | IGMP: Source Route Overflow | Removal Date: 08/23/2018 | Reason For Deprecation: This signature is for End of support products. |
Customers are suggested to remove the deprecated signatures from the IDP policy, if they are explicitly configured, other than Dynamic groups
3 new signatures:
| HIGH | HTTP:STC:ADOBE:CVE-2018-12758CE | HTTP: Adobe Acrobat Distiller CVE-2018-12758 Remote Code Execution |
| HIGH | HTTP:STC:ADOBE:CVE2018-12790-ID | HTTP: Adobe Acrobat Reader CVE-2018-12790 Information Disclosure |
| HIGH | APP:MISC:CVE-2018-10594-BO | APP: Delta Electronics Delta Industrial Automation AHSIM_5x0 Simulator Buffer Overflow |
1 updated signature:
| HIGH | HTTP:STC:ACTIVEX:TUMBLEWEED | HTTP: Tumbleweed FileTransfer ActiveX Control Buffer Overflow |
Details of the signatures included within this bulletin:
HTTP:STC:ADOBE:CVE-2018-12758CE - HTTP: Adobe Acrobat Distiller CVE-2018-12758 Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Distiller. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
- cve: CVE-2018-12758
HTTP:STC:ADOBE:CVE2018-12790-ID - HTTP: Adobe Acrobat Reader CVE-2018-12790 Information Disclosure
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader. A successful attack can lead to Information Disclosure.
Supported On:
idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, j-series-9.5, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1
References:
- cve: CVE-2018-12790
APP:MISC:CVE-2018-10594-BO - APP: Delta Electronics Delta Industrial Automation AHSIM_5x0 Simulator Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Delta Electronics Delta Industrial Automation AHSIM_5x0 Simulator. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
HTTP:STC:ACTIVEX:TUMBLEWEED - HTTP: Tumbleweed FileTransfer ActiveX Control Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to use unsafe ActiveX controls in Tumbleweed SecureTransport suite. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Supported On:
idp-5.1.110161014, DI-Client, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
- url: http://www.aushack.com/200708-tumbleweed.txt
- bugtraq: 28662
- cve: CVE-2008-1724
Affected Products:
- Tumbleweed securetransport 4.6.1