TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1024
fixed in the version of VLC media player(0.9.3 or later), available from the VideoLAN web site. The Administrators
are advise to update this version for resolve the issue.
Signature ID: 36300
Microsoft Active Directory LDAP Query Handling Denial of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-0088
Bugtraq: 27638
Signature Description: Lightweight Directory Access Protocol is a set of open protocols used to access centrally stored
information over a network. Microsoft Active Directory on Windows 2000 Server platform and Windows XP are
vulnerable to denial of service. The vulnerability is caused by improper handling of specifically crafted LDAP requests.
A remote attacker can exploit this vulnerability to create a denial of service condition on the target system. This issue is
fixed and update the patches are available at vendor web site to resolve this issue.
Signature ID: 36302
Adobe Reader and Acrobat util.printf Stack Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2008-2992
Signature Description: Adobe Acrobat is a family of computer programs developed by Adobe Systems, designed to
view, create, manipulate and manage files in Adobe's Portable Document Format. Adobe Acrobat and Reader 8.1.2 and
earlier are vulnerable to a stack based buffer over flow via a PDF file that calls the util.printf JavaScript function with a
crafted format string argument. Successfully exploiting of this issue allows remote attackers to execute arbitrary
machine code with system-level privileges. This issue is fixed in Adobe Reader 9,Acrobat 9 , Adobe Reader 8.1.3 and
Acrobat 8.1.3. Administrators are advised to update the not vulnerable versions to resole this vulnerability.
Signature ID: 36303
OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2006-3738 Bugtraq: 20249
Signature Description: OpenSSL is an open source implementation of the SSL protocol. A remotely exploitable buffer
overflow vulnerability exists in OpenSSL versions 0.9.7-0.9.8. The vulnerability specifically exists in the function
SSL_Get_Shared_Ciphers function which extracts the cipher codes from the ClientHello message. A remote attacker
can exploit this vulnerability by sending a specially crafted ClientHello message that contains a long list of cipher
codes to the target server. Successful exploitation would allow for executing arbitrary code with the privileges of the
application using the OpenSSL library. Upgrade to the latest version of OpenSSL (0.9.7l or 0.9.8d or later). Also most
of the vendors that use vulnerable OpenSSL has released patches. This signature will detect, if attack pattern is coming
on SSlv2 version.
Signature ID: 36304
Microsoft Internet Explorer Data Binding Code Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2008-4844 Bugtraq: 32721
Signature Description: Microsoft Internet Explorer 6, Microsoft Internet Explorer 6 SP1, Microsoft Internet Explorer
5.01 SP4, Microsoft Internet Explorer 7, Microsoft Internet Explorer 7.00.6000.16386, Microsoft Internet Explorer
7.0.5730.13 and Microsoft Internet Explorer 7.00.6001.18000 are vulnerable to buffer over flow. Microsoft Internet
Explorer could allow a remote attacker to execute arbitrary code on the system, caused by an error related to data
binding when parsing a Web page. By persuading a victim to visit a malicious Web page, a remote attacker could
exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.
This issue is fixed and administrators are advised to update the latest versions to resolve this issue.