Description:
This upgrade package is an intrusion prevention signature library upgrade package. It is supported only on firmware version 5.6R10F00 and above with engine version 5.6R10F00 and above, and it is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged and the rule version becomes 5.6.10.19827. The rules added or improved by this package are:
New rules:
1. Attack[24426]: RavenDB 4.1.4 Cross-Site Scripting
2. Attack[41654]: Linux watchdogs Mining Malware Malicious File Download
3. Attack[49027]: watchdogs Mining Trojan DNS Communication
4. Attack[49026]: Malicious Program windows/Brushaloader_a Network Communication
5. Attack[24427]: Video Downloader and Video Downloader Plus Google Chrome Browser Extension UXSS Vulnerability
6. Attack[24428]: Drupal 8.6.9 REST Remote Code Execution Vulnerability
7. Attack[24429]: Windows Vista RSS Feeds Gadget Cross-Site Scripting Vulnerability (CVE-2007-3033)
8. Attack[30716]: Chrome PDF File Opening Information Disclosure Vulnerability
9. Attack[41655]: "Driver Talent" Downloader Trojan Communication
10. Attack[24430]: Microsoft Windows DHCP Server Code Execution (CVE-2019-0626)
11. Attack[30717]: NTPsec ntpd process_control Out-of-Bounds Read Vulnerability (CVE-2019-6444)
Updated rules:
1. Attack[21412]: Microsoft Internet Explorer WebViewFolderIcon "setSlice" Integer Overflow Vulnerability (CVE-2006-3730)
2. Attack[61636]: Oracle BEA WebLogic Server console-help.portal XSS Vulnerability (CVE-2009-1975)
3. Attack[20074]: Quiksoft EasyMail SMTP ActiveX Control Remote Stack Buffer Overflow Vulnerability
4. Attack[62397]: Microsoft Internet Explorer Speech Control Object Memory Corruption Vulnerability (CVE-2007-2222)
5. Attack[62400]: Microsoft CAPICOM ActiveX Control Remote Code Execution Vulnerability (MS07-028)
6. Attack[61780]: GNU Mailman Attachment Scrubber UTF8 Filename Denial of Service Vulnerability
7. Attack[62776]: ebCrypt ActiveX Control Arbitrary File Overwrite and Denial of Service Vulnerability
8. Attack[62788]: Microsoft Internet Explorer Sysmon Denial of Service Vulnerability
9. Attack[62785]: Microsoft Internet Explorer HtmlDlgSafeHelper.HtmlDlgSafeHelper.fonts Denial of Service Vulnerability
10. Attack[62754]: Microsoft Internet Explorer Applet File Path Denial of Service Vulnerability
11. Attack[20310]: Sendmail 8.12 Mail Header Handling Remote Buffer Overflow Attack
12. Attack[62408]: Apple WebKit WebCore Remote Denial of Service Vulnerability
13. Attack[62409]: Microsoft Internet Explorer Browser Popup Window Object Type Validation Vulnerability (MS03-040)
14. Attack[62051]: iLife Photocast XML Title Format String Vulnerability
15. Attack[62260]: Microsoft Excel Calendar Object Validation Memory Corruption Vulnerability
16. Attack[62468]: Oracle 9i HTTP Server OWA_UTIL Stored Procedure Information Disclosure Vulnerability
17. Attack[62283]: Internet Explorer 6 Permission and Access Control Vulnerability
18. Attack[24428]: Drupal 8.6.9 REST Remote Code Execution Vulnerability (CVE-2019-6340)
19. Attack[62287]: Microsoft Internet Explorer Script Action Handler Buffer Overflow Vulnerability (MS06-013)
20. Attack[24315]: Zoho ManageEngine OpManager FailOverHelperServlet Cross-Site Scripting (CVE-2018-12998)
21. Attack[62290]: Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
22. Attack[20344]: Microsoft IIS 5.0 WebDAV Remote Buffer Overflow Attack
23. Attack[62293]: Microsoft Internet Explorer Temporary Internet Files Folder Access Vulnerability
24. Attack[62314]: Apple Safari for Windows Protocol Handler Command Injection Vulnerability
25. Attack[62358]: Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability (MS06-006)
26. Attack[62368]: Microsoft PowerPoint List Value Parsing Code Execution Vulnerability (MS08-051)
27. Attack[62370]: Microsoft Windows WinHlp Item Buffer Overflow Vulnerability (http)
28. Attack[62372]: Microsoft Vista Sidebar Contacts and Weather Gadget Remote Code Execution Vulnerability (MS07-048)
29. Attack[62375]: Mozilla Firefox Remote Arbitrary Command Execution Vulnerability
30. Attack[62376]: Microsoft Internet Explorer MSXML3 Race Condition Memory Corruption Vulnerability (MS08-069)
31. Attack[62485]: CUPS "/.." Request Handling Logic Error Remote Denial of Service Vulnerability
32. Attack[62377]: Microsoft Windows Media Format Runtime Library Remote Arbitrary Code Execution Vulnerability
33. Attack[62395]: Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability (MS06-021)
34. Attack[61275]: Microsoft Internet Explorer Event Handling Cross-Domain Security Bypass Vulnerability (CVE-2008-3474)
35. Attack[61302]: Firefox JavaScript: favicons Code Injection Execution Vulnerability
36. Attack[61372]: uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability
37. Attack[61374]: Apple Mac OS X Terminal x-man-path URI Arbitrary Command Injection Vulnerability
38. Attack[61476]: Altnet Download Manager ActiveX Control Buffer Overflow Vulnerability
39. Attack[61552]: Microsoft Office PowerPoint Legacy File Format Vulnerability (client)
40. Attack[61555]: Microsoft PowerPoint PP7X32.DLL Library Multiple Stack Overflow Vulnerabilities (MS09-017)
41. Attack[61559]: Microsoft PowerPoint Notes Container Heap Overflow Vulnerability (MS09-017)
42. Attack[61560]: Microsoft Office PowerPoint Data Out-of-Bounds Vulnerability
43. Attack[20418]: Microsoft PCT Protocol Remote Buffer Overflow Attack
44. Attack[49022]: Malicious Program EternalRocks DNS Request Connection
Notes:
1. After this upgrade package is applied, the engine restarts automatically for the upgrade to take effect. Sessions are not interrupted, but 3 to 5 ping packets will be lost, so please choose a suitable time to upgrade.
NSFOCUS NIDS/NIPS product signature upgrade package. It requires firmware version 5.6R10F00 or later and engine version 5.6R10F00 or later, and it is a full upgrade package. After the package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.19827. This package includes the following changed rules:
new rules:
1. threat[24426]:RavenDB 4.1.4 Cross Site Scripting
2. threat[41654]:Miner Linux watchdogs Downloading Malicious Programs
3. threat[49027]:Watchdogs mining trojan DNS communication
4. threat[49026]:Malicious Program windows/Brushaloader_a Network Communications
5. threat[24427]:Video Downloader and Video Downloader Plus Chrome Extension UXSS Vulnerability
6. threat[24428]:Drupal 8.6.9 REST Remote Code Execution
7. threat[24429]:Windows Vista RSS Feeds Gadget Cross Site Scripting Vulnerability(CVE-2007-3033)
8. threat[30716]:Chrome PDF File Opening Information Disclosure Vulnerability
9. threat[41655]:"Driver Talent" Downloader Trojan Communication
10. threat[24430]:Microsoft Windows DHCP Server Code Execution(CVE-2019-0626)
11. threat[30717]:NTPsec ntpd process_control Out of Bounds Read Vulnerability(CVE-2019-6444)
update rules:
1. threat[21412]:Microsoft Internet Explorer WebViewFolderIcon setSlice Integer Overflow Vulnerability(CVE-2006-3730)
2. threat[61636]:Oracle BEA Weblogic Server console-help.portal Cross-Site Scripting Vulnerability(CVE-2009-1975)
3. threat[20074]:Quiksoft EasyMail SMTP ActiveX Controls Remote Stack Buffer Overflow Vulnerability
4. threat[62397]:Microsoft Internet Explorer Speech Control Object Memory Corruption Vulnerability(CVE-2007-2222)
5. threat[62400]:CAPICOM.Certificates ActiveX Control Remote Code Execution
6. threat[61780]:GNU Mailman Attachment Scrubber UTF8 Filename Denial of Service Vulnerability
7. threat[62776]:EBCRYPT ActiveX Denial of Service Vulnerability
8. threat[62788]:Microsoft Internet Explorer Sysmon Denial of Service Vulnerability
9. threat[62785]:Microsoft Internet Explorer HtmlDlgSafeHelper.HtmlDlgSafeHelper.fonts Denial of Service Vulnerability
10. threat[62754]:Microsoft Internet Explorer Applet File Path Denial of Service Vulnerability
11. threat[20310]:Sendmail 8.12 Mail Header Handling Remote Buffer Overflow
12. threat[62408]:Apple Webkit HTML Parsing Rowspan Denial of Service
13. threat[62409]:Microsoft Internet Explorer Browser Popup Window Object Type Validation Vulnerability(MS03-040)
14. threat[62051]:iLife Photocast XML Title Format String Vulnerability
15. threat[62260]:Microsoft Excel Calendar Object Validation Memory Corruption Vulnerability
16. threat[62468]:Oracle 9i HTTP Server OWA_UTIL Stored Procedures Information Disclosure Vulnerability
17. threat[62283]:Microsoft Internet Explorer File Upload Keystroke Hijack
18. threat[24428]:Drupal 8.6.9 REST Remote Code Execution(CVE-2019-6340)
19. threat[62287]:Microsoft Internet Explorer Script Action Handler Buffer Overflow Vulnerability(MS06-013)
20. threat[24315]:Zoho ManageEngine OpManager FailOverHelperServlet Cross-Site Scripting(CVE-2018-12998)
21. threat[62290]:Microsoft Windows Troubleshooter ActiveX Control Buffer Overflow Vulnerability
22. threat[20344]:Microsoft IIS 5.0 WebDAV Remote Buffer Overflow
23. threat[62293]:Microsoft Internet Explorer Temporary Internet Files Folder Access Vulnerability
24. threat[62314]:Apple Safari for Windows Remote Command Execution Vulnerability
25. threat[62358]:Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability(MS06-006)
26. threat[62368]:Microsoft PowerPoint List Value Parsing Remote Code Execution Vulnerability(MS08-051)
27. threat[62370]:Microsoft Windows WinHlp Item Buffer Overflow Vulnerability(http)
28. threat[62372]:Windows Vista Contacts Gadget Remote Code Execution Vulnerability
29. threat[62375]:Mozilla Firefox Remote Arbitrary Commands Execution Vulnerability
30. threat[62376]:Microsoft Internet Explorer MSXML3 Race Condition Memory Corruption Vulnerability(MS08-069)
31. threat[62485]:CUPS Malformed Directory Traversal HTTP Request DOS
32. threat[62377]:Microsoft Windows Media Format Runtime Remote Code Execution Vulnerability
33. threat[62395]:Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability(MS06-021)
34. threat[61275]:Microsoft Internet Explorer Event Handling Cross Domain Security Bypass Vulnerability(CVE-2008-3474)
35. threat[61302]:Mozilla Firefox PLUGINSPAGE Remote Script Code Execution Vulnerability
36. threat[61372]:uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability
37. threat[61374]:Apple Mac OS X Terminal X-Man-Path Input Validation Vulnerability
38. threat[61476]:Altnet Download Manager ActiveX Control Buffer Overflow Vulnerability
39. threat[61552]:Microsoft Office PowerPoint Legacy File Format Vulnerability(client)
40. threat[61555]:Microsoft Office PowerPoint Memory Corruption Vulnerability(MS09-017)
41. threat[61559]:Microsoft Office PowerPoint Heap Corruption Vulnerability
42. threat[61560]:Microsoft Office PowerPoint Data Out of Bounds Vulnerability
43. threat[20418]:Microsoft PCT Protocol Remote Buffer Overflow
44. threat[49022]:Malware EternalRocks DNS Request Connection
Announcements:
1. After the package is updated, the engine will restart automatically. This does not interrupt sessions, but it will cause the loss of 3 to 5 ping packets, so please update at a suitable time.