TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

returned to the user when a non-existing file is requested (e.g. the result contains the JavaScript provided in the
request). The vulnerability would allow an attacker to make the server present the user with the attacker's
JavaScript/HTML code. Since the content is presented by the server, the user will give it the trust level of the server
(for example, the trust level of banks, shopping centers, etc. would usually be high).
Signature ID: 712
Linux-PAM Pam_Unix.SO Authentication Bypass Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0003 Bugtraq: 22204
Signature Description: The Linux-PAM package contains Pluggable Authentication Modules, which let the local system
administrator choose how applications authenticate users. Linux-PAM version 0.99.7.0 is prone to an authentication
bypass vulnerability. Specifically, an error occurs in the '_unix_verify_password()' function of
'modules/pam_unix/support.c'. For accounts that have only two-character password hashes in '/etc/passwd', an attacker
could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the system using arbitrary
accounts. This issue is fixed in version 0.99.7.1. Administrators are advised to update to the latest version of
Linux-PAM (0.99.7.1 or later), available at the vendor's website.
Signature ID: 713
Psunami.CGI Remote Command Execution Vulnerability
Threat Level: Information
Bugtraq: 6607 Nessus: 11750
Signature Description: Psunami is a CGI script that provides an online bulletin board for web sites. Psunami Bulletin
Board version 0.5.2 is prone to a remote command execution vulnerability. This rule triggers when an attacker
submits a URL request to the psunami.cgi script that contains shell code between pipe characters (|) in the topic
parameter. When the web server receives the HTTP request, it executes the code placed between the pipe characters.
No remedy available as of September, 2008.
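The condition described for Signature 713 can also be checked retrospectively against web server access logs. The following is an added example, not the TMS zl signature's own logic or vendor code: it assumes a Common Log Format request line, and the sample log lines, query values and the CMD placeholder are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (not real traffic); CMD is an inert placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2008:10:00:00 +0000] "GET /cgi-bin/psunami.cgi?topic=42 HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Sep/2008:10:00:05 +0000] "GET /cgi-bin/psunami.cgi?topic=|CMD| HTTP/1.0" 200 128',
    '192.0.2.12 - - [01/Sep/2008:10:00:09 +0000] "GET /cgi-bin/Psunami.CGI?x=1&topic=%7CCMD%7C HTTP/1.0" 200 128',
    '192.0.2.13 - - [01/Sep/2008:10:00:12 +0000] "GET /forum/view.cgi?topic=|CMD| HTTP/1.0" 200 64',
    '192.0.2.14 - - [01/Sep/2008:10:00:15 +0000] "GET /cgi-bin/psunami.cgi?topic=a|b HTTP/1.0" 200 64',
]

# Request line inside the quoted field of a Common Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Non-empty text enclosed by two pipe characters, as the signature describes.
PIPED_RE = re.compile(r'\|[^|]+\|')


def suspicious_topic(request_target):
    """Return the decoded 'topic' value if it holds pipe-enclosed text, else None."""
    parts = urlsplit(request_target)
    # Only requests to the psunami.cgi script are in scope (case-insensitive match).
    if not parts.path.lower().endswith("/psunami.cgi"):
        return None
    # parse_qsl percent-decodes values, so %7C is compared as a literal '|'.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "topic" and PIPED_RE.search(value):
            return value
    return None


def scan(lines):
    """Return (client_ip, decoded_topic) for every log line matching the condition."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = suspicious_topic(match.group(1))
        if value is not None:
            hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for client, topic in scan(SAMPLE_LOG):
        print(f"possible psunami.cgi command injection from {client}: topic={topic!r}")
```
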
Signature ID: 714
PDGSoft Shopping Cart redirect.exe/changepw.exe Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2000-0401 Bugtraq: 1256 Nessus: 11723
Signature Description: PDGSoft Shopping Cart is a Web-based shopping cart system. PDGSoft version 1.50 is
vulnerable to a buffer overflow in the redirect.exe/changepw.exe script. By sending a long query string, a remote
attacker can overflow a buffer and execute arbitrary code on the system. Upgrade to the latest version of the software
from the vendor's website.
Signature ID: 715
Basilix Webmail Incorrect File Permissions Vulnerability
Threat Level: Information
Industry ID: CVE-2001-1044 Bugtraq: 2198 Nessus: 10601
Signature Description: BasiliX is a web mail application based on PHP and IMAP, and powered by the MySQL
database server. It has a user-friendly interface and its HTML files are easy to change or edit. If the web server is
not configured to recognize files with a ".class" or ".inc" extension as PHP scripts, a remote attacker can send an HTTP
request to view these files, which may contain sensitive data, such as the MySQL password and user name information.
The affected version of BasiliX is 0.9.7beta. No remedy available as of July, 2008.