Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 1372 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS Signature ID links to CVE or other additional information

MartinDamgaard

Hi there

We're seeing some IPS alerts with SID number 1170419080 - "SERVER-ORACLE Oracle MySQL sql_authentication Integer Overflow".
How can i find more information about this? On Sophos UTM i can look up the Snort ID and the alert email usually contains a link.

I have googled the SID number, but nothing comes up. If i google the text, i can find something, but not sure it is the correct CVE.

I also tried looking here: https://lists.astaro.com/ASGV9-IPS-rules.html but that ID number is not in there either. (But it seems to be missing a lot).
Where can we find a complete list of IPS signatures and links to information for Sophos XG 18?



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thanks for reaching out to the Community! 

    We're following up with our LAB teams regarding your query and will update you as soon as more information becomes available.

    However, you can check out the IPS signature release notes for XG Firewall at the following link:

    Thanks,

  • 0 in reply to FormerMember

    Thank you H_Patel

    I already know about the IPS Signature release notes. And they are very nice. But those only show changes since last signature update.
    So it will not make me search/browse through all of the up to date IPS signatures in use on the current Up2Date signature list.

    Sophos needs to make this information readily available!
    We need to know easily, that SID numbers refers to, and look up any additional CVE / Snort information.

Reply
  • 0 in reply to FormerMember

    Thank you H_Patel

    I already know about the IPS Signature release notes. And they are very nice. But those only show changes since last signature update.
    So it will not make me search/browse through all of the up to date IPS signatures in use on the current Up2Date signature list.

    Sophos needs to make this information readily available!
    We need to know easily, that SID numbers refers to, and look up any additional CVE / Snort information.

Children