TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1020
specially-crafted LDAP Modify request. The successful exploitation may allow an attacker to overflow a buffer and
execute arbitrary code on the system.
Signature ID: 36204
Microsoft SQL Server CONVERT Function Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0086
Signature Description: Microsoft SQL Server is a relational database management system(RDBMS) produced by
Microsoft. Its primary query languages are MS-SQL and T-SQL. Convert function is used for the conversion of date
and time information. This function has no security restrictions exist to limit access to the function, any authenticated
user can call the function. Microsoft SQL Server, version 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and
2000 Desktop Engine (WMSDE), is a stack-based buffer overflow vulnerability, caused by improper bounds checking
by convert() function. This issue is triggered when an attacker sending an overly large argument to the vulnerable
function on TCP port 1433. The successful exploitation may allow an attacker to overflow a buffer and execute
arbitrary code on the system or cause the SQL Server process to crash. Apply the appropriate Patch, which is available
at Microsoft Security Bulletin MS08-040 for resolve the issue.
Signature ID: 36205
Microsoft SQL Server CONVERT Function Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0086
Signature Description: Microsoft SQL Server is a relational database management system(RDBMS) produced by
Microsoft. Its primary query languages are MS-SQL and T-SQL. Convert function is used for the conversion of date
and time information. This function has no security restrictions exist to limit access to the function, any authenticated
user can call the function. Microsoft SQL Server, version 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and
2000 Desktop Engine (WMSDE), is a stack-based buffer overflow vulnerability, caused by improper bounds checking
by convert() function. This issue is triggered when an attacker sending an overly large argument to the vulnerable
function on TCP port 1433. The successful exploitation may allow an attacker to overflow a buffer and execute
arbitrary code on the system or cause the SQL Server process to crash. Apply the appropriate Patch, which is available
at Microsoft Security Bulletin MS08-040 for resolve the issue. This signature detects attack traffic using the vulnerable
fuction in UTF encoding.
Signature ID: 36206
Microsoft SQL Server INSERT Statement Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-0106
Signature Description: Microsoft SQL Server is a relational database management system(RDBMS) produced by
Microsoft. Its primary query languages are MS-SQL and T-SQL. The INSERT statement adds one or more records to
any single table in a relational database. Microsoft SQL Server, version 2005 SP1 and SP2, and 2005 Express Edition
SP1 and SP2, is a buffer overflow vulnerability, caused by improper handling of memory when processing INSERT
statements. This issue is triggered when an attacker sending a specially-crafted INSERT SQL statement involving
EXEC command on TCP port 1433. The successful exploitation may allow an attacker to overflow a buffer and
execute arbitrary code on the system. Apply the appropriate Patch, which is available at Microsoft Security Bulletin
MS08-040 for resolve the issue.
Signature ID: 36207
Microsoft SQL Server INSERT Statement Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-0106