
SOPHOS IPS Signature Update Release Notes
Version: 7.15.57
Release Date: 29th January 2019

IPS Signature Update

January 2019 Page 2 of 13

Release Information

Upgrade Applicable on

IPS Signature Release: Version 7.15.56
Sophos Appliance Models: XG-550, XG-750, XG-650

Upgrade Information

Upgrade type: Automatic
Compatibility Annotations: None

Introduction

The Release Note document for IPS Signature Database Version 7.15.57 includes support for the new signatures. The following sections describe the release in detail.

New IPS Signatures

The Sophos Intrusion Prevention System shields the network from known attacks by matching the network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce false alarms.

Report false positives at [email protected] along with the application details.

This IPS release includes one hundred and two (102) signatures to address sixty-nine (69) vulnerabilities.

New signatures are added for the following vulnerabilities:

| Name | CVE–ID | Category | Severity |
|---|---|---|---|
| BROWSER-IE Metasploit Aurora Exploit Attempt | NA | Browsers | 1 |
| BROWSER-IE Microsoft Internet Explorer CVE-2008-2254 Invalid Pointer Remote Code Execution | CVE-2008-2254 | Browsers | 2 |
| BROWSER-IE Microsoft Internet Explorer CVE-2012-1526 Negative Margin Use After Free | CVE-2012-1526 | Browsers | 2 |
| BROWSER-IE Microsoft Internet Explorer CVE-2012-4969 execCommand Use After Free | CVE-2012-4969 | Browsers | 2 |
| BROWSER-IE Microsoft Internet Explorer CVE-2012-4969 execCommand Use After Free | CVE-2012-4969 | Browsers | 4 |
| BROWSER-IE Microsoft Internet Explorer CVE-2018-8544 VBScript Engine Remote Code Execution Attempt | CVE-2018-8544 | Browsers | 2 |
| BROWSER-IE Microsoft Internet Explorer event handler memory corruption attempt | CVE-2009-1530 | Browsers | 2 |
| BROWSER-IE Microsoft Internet Explorer invalid object access memory corruption attempt CVE-2010-0249 | CVE-2010-0249 | Browsers | 2 |
| BROWSER-IE Microsoft Internet Explorer Jscript.Encode out-of-bounds read attempt CVE-2018-8631 | CVE-2018-8631 | Browsers | 2 |
| BROWSER-OTHER Malicious CVE-2014-6332 Payload VBS Obfuscation | CVE-2014-6332 | Browsers | 2 |
| FILE-FLASH Adobe Flash CVE-2010-3654 authplay.dll memory corruption attempt | CVE-2010-3654 | Multimedia | 3 |
| FILE-FLASH Adobe Flash Player CVE-2018-15982 TVSDK metadata use after free attempt | CVE-2018-15982 | Multimedia | 2 |
| FILE-FLASH Adobe Flash Player CVE-2018-15982 Use After Free II | CVE-2008-2992 | Multimedia | 2 |
| FILE-FLASH Adobe Flash Player CVE-2018-15982 Use After Free I | CVE-2008-2992 | Multimedia | 2 |
| FILE-IMAGE Microsoft Graphics Component CVE-2018-8396 Information Disclosure | CVE-2018-8396 | Application and Software | 2 |
| FILE-JAVA Oracle Java CVE-2010-4462 XGetSamplePtrFromSnd Memory Corruption Attempt | CVE-2010-4462 | Application and Software | 2 |
| FILE-MULTIMEDIA RealNetworks RealPlayer CVE-2004-0273 RMP Vulnerabilities | CVE-2004-0273 | Multimedia | 1 |
| FILE-OFFICE Microsoft Excel malformed OBJ Record Arbitrary Code Execution | CVE-2008-4264 | Office Tools | 2 |
| FILE-OFFICE Microsoft Word document malicious iframe code injection attempt | NA | Office Tools | 2 |
| FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt | CVE-2018-16020 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat EMF out-of-bounds read attempt | CVE-2018-16022 | Application and Software | 2 |
| FILE-OTHER Adobe Acrobat Pro CVE-2018-15993 WebCapture use after free attempt | CVE-2018-15993 | Application and Software | 2 |
| FILE-OTHER Google Golang Get Command Injection | CVE-2018-7187 | Application and Software | 2 |
| FILE-OTHER Google Golang Get Remote Command Execution | CVE-2018-16873 | Application and Software | 2 |
| FILE-OTHER Google Golang Get Remote Command Execution | CVE-2018-16873 | Application and Software | 4 |
| FILE-PDF Adobe Acrobat index file parsing memory corruption attempt | CVE-2018-16046 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat integer overflow attempt | CVE-2018-16007 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Pro CVE-2018-16024 XSLT out-of-bounds Read Vulnerability | CVE-2018-16024 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Pro use after free attempt | CVE-2018-19698 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader AnnotsString memory corruption attempt | CVE-2018-16018 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader CVE-2018-19717 Remote Code Execution Vulnerability | CVE-2018-19717 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader JavaScript extractContents use after free attempt | CVE-2018-15992 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader out of bounds read attempt | CVE-2018-15984 | Application and Software | 2 |
| FILE-PDF Adobe Acrobat Reader XFA resolveNode use after free attempt | CVE-2018-19700 | Application and Software | 2 |
| FILE-PDF Adobe Reader CVE-2008-2992 Util.Printf Remote Code Execution | CVE-2008-2992 | Application and Software | 2 |
| FILE-PDF Adobe Reader CVE-2018-16031 Out Of Bounds Read | CVE-2018-5014 | Application and Software | 2 |
| FILE-PDF Adobe Reader Javascript ANAuthenticateResource use-after-free attempt | CVE-2018-16040 | Application and Software | 2 |
| FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt | CVE-2018-19707 | Application and Software | 2 |
| FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt | CVE-2018-19708 | Application and Software | 2 |
| FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt | CVE-2018-19709 | Application and Software | 2 |
| FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt | CVE-2018-19715 | Application and Software | 2 |
| FILE-PDF Adobe Reader JavaScript resolveNode use-after-free Vulnerability | CVE-2018-19710 | Application and Software | 2 |
| FILE-PDF Adobe Reader PDF CVE-2018-16047 Information Disclosure | CVE-2018-16047 | Application and Software | 2 |
| FILE-PDF Foxit Reader and PhantomPDF XFA xdpContent Information Disclosure | CVE-2018-3956 | Application and Software | 2 |
| MISC ONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt | NA | Misc | 1 |
| OS-WINDOWS Microsoft Windows DHCP Client CVE-2019-0547 Code Execution | CVE-2019-0547 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows EOT Font CVE-2018-0755 Engine Information Disclosure | CVE-2018-0755 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows Graphics CVE-2018-8595 Device Interface EMR_HEADER Information Disclosure | CVE-2018-8595 | Operating System and Services | 3 |
| OS-WINDOWS Microsoft Windows Graphics CVE-2018-8596 Device Interface Information Disclosure | CVE-2018-8596 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows Graphics Device Interface Information Disclosure | CVE-2018-8596 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows Graphics Device Interface Information Disclosure | CVE-2018-8596 | Operating System and Services | 4 |
| OS-WINDOWS Microsoft Windows OLE CVE-2014-6332 Automation Array RCE XIII | CVE-2014-6332 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows OLE CVE-2014-6332 Automation Array RCE XII | CVE-2014-6332 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows OLE CVE-2014-6332 Automation Array RCE XI | CVE-2014-6332 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows OLE CVE-2014-6332 Automation Array RCE XIV | CVE-2014-6332 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows OLE CVE-2014-6332 Automation Array RCE X | CVE-2014-6332 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft Windows OLE CVE-2014-6332 Automation Array RCE XV | CVE-2014-6332 | Operating System and Services | 2 |
| OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt CVE-2007-0099 | CVE-2007-0099 | Operating System and Services | 2 |
| PROTOCOL-SCADA Rockwell Automation RSLinx Classic CIP SendRRData Heap Buffer Overflow | CVE-2018-14821 | Industrial Control System | 2 |
| SERVER-MAIL RCPT TO overflow CVE-2009-0410 | CVE-2001-0260 | Other Mail Server | 3 |
| SERVER-OTHER Elastic Kibana server.js Local File Inclusion | CVE-2018-17246 | Web Services and Applications | 3 |
| SERVER-OTHER Ingres Database iidbms Heap Overflow | NA | Other Web Server | 2 |
| SERVER-OTHER Kubernetes API Proxy Request Handling Privilege Escalation (Decrypted Traffic) | CVE-2018-1002105 | Other Web Server | 2 |
| SERVER-OTHER Kubernetes API Proxy Request Handling Privilege Escalation (Decrypted Traffic) | CVE-2018-1002105 | Other Web Server | 4 |
| SERVER-OTHER Kubernetes API Proxy Request Handling Privilege Escalation | CVE-2018-1002105 | Other Web Server | 2 |
| SERVER-OTHER libVNC LibVNCServer File Transfer Extension Heap-based Buffer Overflow | CVE-2018-15127 | Other Web Server | 2 |
| SERVER-OTHER libVNC LibVNCServer File Transfer Extension Heap-based Buffer Overflow | CVE-2018-15127 | Other Web Server | 4 |
| SERVER-WEBAPP Netgate pfSense CVE-2018-4021 system_advanced_misc.php Command Injection | CVE-2018-4021 | Web Services and Applications | 2 |
| SERVER-WEBAPP Zoho ManageEngine OpManager DataMigrationServlet Insecure Deserialization CVE-2018-19403 | CVE-2018-19403 | Web Services and Applications | 2 |

• Name: Name of the signature

• CVE–ID: CVE Identification Number. Common Vulnerabilities and Exposures (CVE) provides reference identifiers for publicly known information security vulnerabilities.

• Category: Class type according to threat

• Severity: Degree of severity. The levels of severity are described in the table below:

| Severity Level | Severity Criteria |
|---|---|
| 1 | Low |
| 2 | Moderate |
| 3 | High |
| 4 | Critical |

Important Notice

Sophos Technologies Pvt. Ltd. has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Sophos Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Sophos Technologies Pvt. Ltd. reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

RESTRICTED RIGHTS

©1997 - 2019 Sophos Ltd. All rights reserved.

Sophos and the Sophos logo are trademarks of Sophos Technologies Pvt. Ltd.

Corporate Headquarters

Sophos Technologies Pvt. Ltd.
Reg. Office: Sophos House, Saigulshan Complex,
Beside White House, Panchvati Cross Road,
Ahmedabad – 380006, INDIA
Phone: +91-79-66216666
Fax: +91-79-26407640
Web site: www.sophos.com

