Support #2401

Detect last CPU's vulnerabilities

Added by Roman Karpyuk almost 7 years ago. Updated about 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
Affected Versions:
Label:

Description

Dear colleagues,

please confirm if Suricata with last ET Pro rules can detect Meltdown and Spectre (CVE-2017-5754, CVE-2017-5753, CVE-2017-5715).
Thanks.

Actions #1

Updated by Victor Julien almost 7 years ago

  • Priority changed from High to Normal
  • Target version deleted (4.0.4)

Actions #2

Updated by Andreas Herz almost 7 years ago

  • Assignee set to Anonymous
  • Target version set to Support

That is something you would need to ask the people who created the ET Pro ruleset.

Actions #3

Updated by Jason Williams almost 7 years ago

Roman,

The ETPRO signature set has a few signatures on various PoCs that have been observed in the wild. As this is a host vulnerability, it is more efficient to detect this exploit on the host.

Thanks,

Jason

Actions #4

Updated by Victor Julien about 6 years ago

  • Status changed from New to Closed
  • Assignee deleted (Anonymous)
  • Target version deleted (Support)