Cisco IPS Active Update Bulletin
| March 26, 2009 |
|
|||||||||
 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
IN THIS ISSUE:
1. Announcing the S388 Signature Update for IPS The S388 signature update contains the following new signatures:
The S388 signature update contains the following modified signatures:
Modified signature details: SFR has been increased for the following sigs: 3003-0 TCP Frag SYN Port Sweep 3157-0 FTP PASV Port Spoof 3534-0 IMAP Long AUTHENTICATE Command The following sigs have been retired: 3180-1 BakBone NetVault Remote Heap Overflow 3251-0 TCP Hijack Simplex Mode 3408-0 Telnet Client LINEMODE SLC Option Overflow 5463-0 Computer Associates License Software GETCONFIG Buffer Overflow 6008-0 First 4 Internet XCP Uninstallation ActiveX Control The following sigs have been modified to increase fidelity: 5569-0 MDaemon Imap Authentication Overflow 5602-0 Windows System32 Directory File Access IMPORTANT NOTES: All signature updates are cumulative. The S388 signature update contains all previously released signature updates. You must have a valid Cisco Services for IPS contract per sensor to receive and use software upgrades including signature updates from Cisco.com. A Cisco Services for IPS Services License is required for the installation of all signature updates. The Cisco Services for IPS Services License can be requested from http://www.cisco.com/go/license for all sensors covered by a maintenance contract. To manage your maintenance contracts use the Service Contract Center: http://www.cisco.com/cgi-bin/front.x/scccibdispatch?AppName=ContractAgent
SUPPORTED PLATFORMS: The S388 signature update can ONLY be applied to E3 sensors. IPS S388 Software Update Files: Sensor appliances, IDSM2, NM-CIDS, ASA-SSM-AIP modules: click here
IOS IPS in 12.4(11)T or later T-Train Releases: http://www.cisco.com/pcgi-bin/tablebuild.pl/ios-v5sigup Note: Posting of signature release files for IOS IPS may take a few additional days.
CISCO SECURITY MANAGER (CSM) NOTICE:
Note 1: You can only apply the IPS-CS-MGR-sig-S388-req-E3.zip signature update file to CSM 3.0 or later and IPS MC version 2.2 or later. The E3 Engine Update packages for sensors are deployed automatically the first time a signature set that requires E3 is deployed by CSM. E3 updates are not listed or available for selection in the Apply Update Wizard and cannot be applied independently by CSM. To ensure that the E3 update is applied to your sensors, please ensure that you push the S366 package to your sensors.
2. Announcing End-of-Life (EOL) for new signature updates in 4.x format for Cisco IOS IPS feature IMPORTANT ANNOUNCEMENT:
3. Cisco IPS Signature correlation available in the Cisco. Security IntelliShield Alert Manager Service Search Access Feature The Cisco IPS Team is pleased to announce the correlation of Cisco IPS Signature information within the IntelliShield Alert Manager Search Access Feature. Cisco Services for IPS clients that subscribe to the service now have access to perform targeted searches to display Cisco IPS Signatures associated with different alerts to ensure they have the most up to date intelligence. Subscribers can view a new IPS Signature list page that is searchable and will display Cisco IPS Signatures associated with IntelliShield Alerts. IntelliShield Alerts also contain the associated Cisco IPS Signature information within each alert. The IntelliShield Alert Manager Search Access Feature provides clients with access to one of the most extensive collections of vendor-neutral security intelligence alerts in the industry. Clients can access a fully indexed and searchable database that extends back over six years and contains more than 1700 vendors, 5500 products, and 20,000 distinct versions of applications. To obtain access to the IntelliShield Alert Manager Search Access Feature, each user is required to provide either a valid IPS License File or a valid IPS Serial Number to authorize the creation of this user account. Only one user account is permitted for each IPS License File or IPS Serial Number. Please proceed to the registration page at the following link to obtain your access: https://intellishield.cisco.com/security/alertmanager/intelliShieldSearch Email support is available for users of the Cisco Security IntelliShield Alert Manager Service Search Access Feature at intellishieldsearch-support@cisco.com . Support is provided by Cisco during the hours of 7:00 a.m. and 7:00 p.m. Eastern Time.
4. Subscribe to the Product Alert Tool for IPS Related Field Issues Simply visit: http://tools.cisco.com/Support/PAT/do/ViewMyProfiles.do and follow these steps: - Select Create a new Alert Profile. You will be kept up to date with the latest news on your IPS hardware appliances.
5. Subscription Information Your opinions are important to us. If you have feedback about the Active Update Bulletin, please contact us at ips-news@cisco.com. For technical support, sales or other issues, please contact your authorized Cisco reseller or Cisco TAC. Please note that technical support or sales questions sent to this address will not be answered or redirected. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional Information |
|
||
|
|
|
|
||
Links
|
