Project

General

Profile

Actions
Copy link

Support #2401

closed

Detect last CPU's vulnerabilities

Added by Roman Karpyuk over 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Label:

Description

Dear colleagues,

please confirm if Suricata with last ET Pro rules can detect Meltdown и Spectre (CVE-2017-5754, CVE-2017-5753, CVE-2017-5715)
Thanks.

Actions
Copy link
 #1

Updated by Victor Julien over 6 years ago

  • Priority changed from High to Normal
  • Target version deleted (4.0.4)
Actions
Copy link
 #2

Updated by Andreas Herz over 6 years ago

  • Assignee set to Anonymous
  • Target version set to Support

That is something you would need to ask the people who created the ET Pro ruleset.

Actions
Copy link
 #3

Updated by Jason Williams over 6 years ago

Roman,

The ETPRO signature set has a few signatures on various PoCs that have been observed in the wild. As this is a host vulnerability, it is more efficient to detect this exploit on the host.

Thanks,

Jason

Actions
Copy link
 #4

Updated by Victor Julien over 5 years ago

  • Status changed from New to Closed
  • Assignee deleted (Anonymous)
  • Target version deleted (Support)
Actions
Copy link

Also available in: Atom PDF