TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1002
Digital Image Suite has full support for Adobe Photoshop plugins. It also includes Digital Image Library for organizing
images. Microsoft Digital Image picturepusher ActiveX control (PipPPush.dll 7.00.0709) is vulnerable to information
disclosure vulnerability. By sending a specially-crafted POST request using the insecure AddString() and post()
methods and a modified POSTURL, a remote attacker could exploit this vulnerability to upload malicious files to Web
servers that allow file uploads. Attackers may exploit this issue by enticing victims into visiting a maliciously crafted
web page. Successful exploits will allow remote attackers to download files from arbitrary locations to the affected
computer. No remedy is available as of November 10, 2008. Alternately user can set kill bit to the clsid 507813C3-
0B26-47AD-A8C0-D483C7A21FA7 to resolve this issue.
Signature ID: 35688
Pi3Web ISAPI Directory Remote Denial Of Service Vulnerability
Threat Level: Severe
Bugtraq: 32287
Signature Description: Pi3Web is a free, multi threaded, highly configurable and extensible HTTP 1.0/1.1 web server
and development environment for cross platform internet server development and deployment. It is written in C++.
Pi3Web 2.0 supports among other things CGI, FCGI, Win-CGI, SSI, directory indexing, SSL, embedded perl, PHP4,
Servlets, JSP and XSLT. Pi3Web version 2.0.13 is vulnerable to denial of service attack. By sending an invalid ISAPI
module request to Pi3Web server a remote attacker can crash the server, denying access to legitimate users. No remedy
is available as of November, 13 2008. Alternately delete the users.txt, install.daf and readme.daf in ISAPI folder or
disable ISAPI mapping in server configuration in Server Admin -> Mapping Tab to resolve this issue.
Signature ID: 35689
Remote DNS Cache Poisoning Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-1447
Signature Description: The Domain Name System (DNS) is a hierarchical naming system for computers, services, or
any resource participating in the Internet. It associates various information with domain names assigned to such
participants. The DNS protocol, as implemented in BIND 8 and 9 before 9.5.0-P1, in Windows 2000 SP4, XP SP2 and
SP3, and Server 2003 SP1 and SP2 and other implementations are vulnerable to information vulnerability. DNS service
does not use sufficiently random UDP sockets to process queries. A remote user can send specially crafted DNS
queries and responses to the target service to spoof responses and insert records into the DNS cache. This may cause
traffic to be redirected to arbitrary server addresses chosen by the remote user. Patch details are available users are
advised to apply the appropriate patch, as listed in Microsoft Security Bulletin MS08-037.
Signature ID: 35690
Hummingbird Deployment Wizard 10 'DeployRun.dll' ActiveX Control Multiple Security
Vulnerabilities
Threat Level: Severe
Industry ID: CVE-2008-4728 Bugtraq: 31799
Signature Description: Hummingbird Deployment Wizard 10 ActiveX control is used by Hummingbird products to aid
in installing and configuring software. Hummingbird Deployment Wizard 10 10.0.0.44 is vulnerable to arbitrary code
execution vulnerabilities. These issues are caused due to the insecure methods "Run()", "PerformUpdateAsync()" and
"SetRegistryValueAsString()" being provided by the "DeployRun.dll" ActiveX control, which could allow malicious
web sites to execute arbitrary applications or manipulate registry keys. By persuading a victim to visit a malicious Web
page, a remote attacker can execute the arbitrary code or modify the registry values in the victim system. No remedy is
available as of November 20, 2008 alternately user can set kill bit to the clsid 7F9B30F1-5129-4F5C-A76C-
CE264A6C7D10 to resolve this issue.