Snort mailing list archives

Re: Citrix CVE-2019-19781

From: "Joel Esler \(jesler\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Wed, 15 Jan 2020 02:30:36 +0000

If you are using a Cisco Firepower device, probably the best course would be to call TAC. Are you sure you’ve updated
your SRU?

Sent from my  iPhone

On Jan 14, 2020, at 20:04, Rees Bevan via Snort-sigs <snort-sigs () lists snort org> wrote:

Hello list,

The Talos blog post here: https://blog.talosintelligence.com/2020/01/snort-rules-cve-2019-19781.html mentions three
rules, signatures 52512, 52513, and 52603. The blog indicates that the rules have been available since 12/24/19.

My environment includes Sourcefire NGIPS and snort sensors running with the VRT subscription. I cannot locate these
rules in either place. We are using “Security over Connectivity” on both the pulledpork config and the NGIPS config.
I have grepped the rules files on our snort sensors and I see current rules, but not 52512, 52513, and 52603. On the
NGIPS, I have sorted the intrusion rules by priority and tried searching by signatures and keywords, but no luck.

Where should I be looking for these rules?

Rees Bevan, CISSP, GCIA, MCSE
rbevan () swcp com

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

Current thread:

Citrix CVE-2019-19781 Rees Bevan via Snort-sigs (Jan 14)
- Re: Citrix CVE-2019-19781 Joel Esler (jesler) via Snort-sigs (Jan 14)
  - Re: Citrix CVE-2019-19781 Rees Bevan via Snort-sigs (Jan 14)
    - Re: Citrix CVE-2019-19781 Joel Esler (jesler) via Snort-sigs (Jan 15)
    - Re: Citrix CVE-2019-19781 Rees Bevan via Snort-sigs (Jan 15)
    - Re: Citrix CVE-2019-19781 Joel Esler (jesler) via Snort-sigs (Jan 15)
    - Re: Citrix CVE-2019-19781 rbevan via Snort-sigs (Jan 15)
    - Re: Citrix CVE-2019-19781 Joel Esler (jesler) via Snort-sigs (Jan 15)