首页-> 服务与支持-> 客户支持-> 售后服务

服务与支持

升级包列表

名称: eoi.unify.allrulepatch.ips.5.6.10.18860.rule 版本:5.6.10.18860
MD5:c9bef0b1e0ca6f7bad2739f7a56195e8 大小:22.93M
描述:

本升级包为统一威胁监测探针特征库升级包,仅支持在固件版本V2.0R00F00之上,引擎版本V2.0R00F00 及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.18860。该升级包新增/改进的规则有:

新增规则:
1. 攻击[24316]:Quest KACE 系统管理 run_report命令注入
2. 攻击[24317]:LIVE555 RTSP服务器缓冲区溢出漏洞(CVE-2018-4013)



注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.

NSFOCUS UTS product signature upgrade package, depends on firmware version at least V2.0R00F00 and engine version V2.0R00F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.18860. This package include changed rules:

new rules:
1. threat[24316]:Quest KACE Systems Management run_report Command Injection
2. threat[24317]:LIVE555 RTSP Server Buffer Overflow Vulnerability(CVE-2018-4013)



Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2018-11-02 15:26:59
名称: eoi.unify.allrulepatch.ips.5.6.10.18693.rule 版本:5.6.10.18693
MD5:87994da9fda861b432db0b3b4fc7ee52 大小:22.72M
描述:

本升级包为统一威胁监测探针特征库升级包,仅支持在固件版本V2.0R00F00之上,引擎版本V2.0R00F00 及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.18693。该升级包新增/改进的规则有:

新增规则:
1. 攻击[24309]:Apache ActiveMQ Fileserver文件上传目录遍历漏洞(CVE-2016-3088)
2. 攻击[41619]:恶意软件Xbash向C2服务器上传扫描结果信息
3. 攻击[41618]:恶意软件Xbash C2服务器通信

更新规则:
1.攻击[24263]:Apache Hadoop YARN ResourceManager远程命令执行漏洞

注意事项:
1. 该升级包升级后引擎自动重启生效,不会造成会话中断,但ping包会丢3~5个,请选择合适的时间升级.


NSFOCUS UTS product signature upgrade package, depends on firmware version at least V2.0R00F00 and engine version V2.0R00F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.18693. This package include changed rules:

new rules:
1. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability(CVE-2016-3088)
2. threat[41619]:Malware Xbash uploads scan result information to C2 server
3. threat[41618]:Malware Xbash Communicating with C2 Server


update rules:
1.threat[24263]:Apache Hadoop YARN ResourceManager Remote Command Execution Vulnerability

Announcements:
1. After update the package, the engine will restart automatically, this will don't interrupt sessions, but will cause 3-5 packets loss on ping opereate", please update on a suitable time.

发布时间:2018-09-30 23:18:25
名称: eoi.unify.allrulepatch.ips.5.6.10.18479.rule 版本:5.6.10.18479
MD5:34496185ed375c18a5b2f6f4356945f4 大小:22.48M
描述:

描述:
本升级包为统一威胁监测探针特征库升级包,仅支持在固件版本V2.0R00F00之上,引擎版本V2.0R00F00 及以上升级。升级包为全量升级包。升级后固件版本和引擎版本不变,规则版本变为5.6.10.18479。该升级包新增/改进的规则有:

新增规则:
1. 攻击[24296]:Adobe Acrobat EMF EmfPlusDrawLines计数堆缓冲区溢出漏洞(CVE-2018-5067)
2. 攻击[24297]:Node.js nghttp2 nghttp2_frame_altsvc_free 空指针引用(CVE-2018-1000168)
3. 攻击[24298]:Struts2远程命令执行漏洞(CVE-2018-11776)(S2-057)

更新规则:
1. 攻击[24294]:Apache Solr XML 外部实体注入漏洞(CVE-2018-8010,CVE-2018-8026)

NSFOCUS UTS product signature upgrade package, depends on firmware version at least V2.0R00F00 and engine version V2.0R00F00. This is a total upgrade package. After upgrade package is imported, firemare version and engine version willnot change, signature version will change to 5.6.10.18479. This package include changed rules:

new rules:
1. threat[24296]:Adobe Acrobat EMF EmfPlusDrawLines Count Heap Buffer Overflow Vulnerability(CVE-2018-5067)
2. threat[24297]:Node.js Foundation Node.js nghttp2 nghttp2_frame_altsvc_free Null Pointer Dereference(CVE-2018-1000168)
3. threat[24298]:Struts2 Remote Command Execution Vulnerability(CVE-2018-11776)(S2-057)

update rules:
1. threat[24294]:Apache Solr ConfigSets XML External Entity Expansion Information Disclosure(CVE-2018-8010,CVE-2018-8026)

发布时间:2018-08-24 11:17:55