ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
start to load the malicious program at boot. The malicious file is about 237,568 to 774,144 bytes in size. This
signature triggers when the AdWare.Win32.MWGuide keepalive traffic pattern is found.
Signature ID: 35912
Adobe PDF JBIG2 buffer overflow remote code execution HTTP inbound Attempt
Threat Level: Severe
Industry ID: CVE-2009-0658 Bugtraq: 33751
Signature Description: A vulnerability has been identified in Adobe's handling of Portable Document Format (PDF)
files. It can be exploited through the reader's integration with popular web browsers when a user visits a malicious
website. The issue is caused by an array indexing error when processing a malformed JBIG2 stream within a PDF
document, which could allow attackers to crash the vulnerable application or execute arbitrary code by tricking a user
into opening a specially crafted PDF file. JBIG2 format support handles the various flavors of text and generic region
encoding/decoding procedures based on sequential coding of the image pixels using arithmetic coding. Saving images
in JBIG2 format results in smaller image files than other industry-standard compressed formats. Adobe Acrobat Reader
versions 8 and 9 are vulnerable.
Signature ID: 36201
Microsoft Host Integration Server Remote Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-3466 Bugtraq: 31620
Signature Description: Microsoft Host Integration Server is an application suite used to communicate with IBM
mainframe servers. One of the components of the suite is a remote management interface, implemented by an RPC
server. The application is prone to a remote command-execution vulnerability in the Systems Network Architecture
(SNA) service reachable through a remote procedure call (RPC). The RPC interface exposes potentially dangerous
methods to remote users without requiring authentication. Using RPC opcodes 1 or 6 could allow an attacker to call
the CreateProcess() function, giving the attacker complete control over any application started by that call.
Successful exploitation may allow an attacker to execute arbitrary commands with the privileges of the affected
service. Exploit attempts against this vulnerability are detected using a combination of two signatures; this is the
second signature, and it generates the log message.
Signature ID: 36202
Oracle Internet Directory Pre-Authentication LDAP Denial of Service Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-2595 Bugtraq: 30177
Signature Description: Internet Directory is Oracle's implementation of the Lightweight Directory Access
Protocol (LDAP) v3 service. It is used in conjunction with Oracle Identity Management to implement user
administration in the Oracle environment. Oracle Internet Directory versions 9.0.4.3, 10.1.2.3, and 10.1.4.2 are
affected by a denial of service vulnerability. The issue is triggered when the server processes a malformed LDAP
request sent by an attacker, which can cause the handler to dereference a NULL pointer. Successful exploitation may
allow an attacker to cause a denial of service.
Signature ID: 36203
Microsoft Windows Active Directory Crafted LDAP Request Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0040 Bugtraq: 24800
Signature Description: The Lightweight Directory Access Protocol (LDAP) is a standard protocol that enables users to
query or modify the data in a meta directory. Microsoft's Active Directory is a directory service. It stores information
about objects on a network and makes this information available to users and network administrators. Microsoft
Windows Active Directory is affected by a buffer overflow vulnerability. This issue is triggered when an attacker sends a