TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1021
Signature Description: Microsoft SQL Server is a relational database management system(RDBMS) produced by
Microsoft. Its primary query languages are MS-SQL and T-SQL. The INSERT statement adds one or more records to
any single table in a relational database. Microsoft SQL Server, version 2005 SP1 and SP2, and 2005 Express Edition
SP1 and SP2, is a buffer overflow vulnerability, caused by improper handling of memory when processing INSERT
statements. This issue is triggered when an attacker sending a specially-crafted INSERT SQL statement involving
EXEC command on TCP port 1433. The successful exploitation may allow an attacker to overflow a buffer and
execute arbitrary code on the system. Apply the appropriate Patch, which is available at Microsoft Security Bulletin
MS08-040 for resolve the issue. This signature detects attack traffic using the vulnerable statement in UTF encoding.
Signature ID: 36208
Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass
Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-3703 Bugtraq: 30596
Signature Description: Symantec Storage Foundation for Windows is a networked tool for storing and managing data.
The Specific flaw exists in the functionality exposed by the storage Foundation for Windows Scheduler Service,
VxSchedService.exe, which listens by default on TCP port 4888 for messages from clients computers. Attackers could
connect directly to the Scheduler Service via NULL NTLMSSP authentication to add, modify, or delete snapshots
schedules. The successful exploitation may allow an attacker to execute arbitrary code with SYSTEM privileges when
a scheduled run occurs. The affected versions of this issue are Symantec Veritas Storage Foundation 5.0, 5.0 RP1a and
5.1. Apply the appropriate patch for resolving this issue, which is available at vendor's web site.
Signature ID: 36210
Microsoft IIS WebHits Authentication Bypass Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-2815 Bugtraq: 24105
Signature Description: Microsoft Internet Information Server(IIS) is a web server for windows. The hit-highlighting
component is a part of the Indexing Service that works with IIS to return indexed content from a web site. Microsoft
IIS, version 5.0, is prone to an authentication bypass vulnerability due to its implementation of 'Hit-highlighting'
functionality. This issue is triggered when an attacker sending a specially-crafted URL request to the 'null.htw' script in
an invalid directory using the CiWebhitsfile parameter. The successful exploitation may allow an attacker to bypass
authentication and gain unauthorized access to the server. The issue is fixed in the version of IIS (6.0 or later). The
Administrators are advise to update the latest version of IIS(6.0 or later) for resolve the issue.
Signature ID: 36211
Apple iLife iPhoto Photocast XML Title Format String Vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0051 Bugtraq: 21871
Signature Description: IPhoto makes sharing photos faster, simpler, and cooler. It is easy publishing to the web, special
effects, and new custom cards and calendars. iLife iPhoto Photocast, version 6.0.5, is a format string vulnerability,
caused by improper handling of photocast XML feeds. This issue is triggered when an attacker creating a specially-
crafted XML file containing format string(%n, %x etc) in the Title field. The successful exploitation may allow an
attacker to execute arbitrary commands on the system. This issue is fixed in the version of iPhoto 6.0.6. The
administrators are advised to update the version iPhoto 6.0.6 for resolve the issue.
Signature ID: 36212
WordPress Backdoor ix Parameter Eval Vulnerability
Threat Level: Severe
Industry ID: CVE-2007-1277 Bugtraq: 22797