TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 38000
Trend Micro ServerProtect Spntsvc.exe DCE/RPC multiple buffer overflow Exploit
Threat Level: Severe
Industry ID: CVE-2007-4218 Bugtraq: 25395
Signature Description: ServerProtect Agent service 5.58 Build 1176 and prior is vulnerable to a stack-based buffer
overflow. This vulnerability is due to improper bounds checking by the SetPagerNotifyConfig function. By sending a
malicious RPC request to the SpntSvc.exe service on TCP port, a remote attacker could overflow a buffer and execute
arbitrary code on the vulnerable system with SYSTEM privileges. This vulnerability is fixed. Apply the patch for this
vulnerability (Security Patch 4 - Build 1185), available from the Trend Micro Web site. Exploit attempts of this
vulnerability are detected using a combination of signatures. This signature generates a log message.
Signature ID: 38001
Trend Micro ServerProtect Spntsvc.exe DCE/RPC multiple buffer overflow Exploit
Threat Level: Severe
Industry ID: CVE-2007-4218 Bugtraq: 25395
Signature Description: ServerProtect Agent service 5.58 Build 1176 is vulnerable to a stack-based buffer overflow. This
vulnerability is due to improper bounds checking by the SetSpntShareConfig function. By sending a malicious RPC
request to the SpntSvc.exe service on TCP port 5168, a remote attacker could overflow a buffer and execute arbitrary
code on the vulnerable system with SYSTEM privileges. This vulnerability is fixed. Apply the patch for this
vulnerability (Security Patch 4 - Build 1185), available from the Trend Micro Web site. This signature specifically
detects an attacker sending the malicious pattern in little-endian form.
Signature ID: 38002
Trend Micro ServerProtect Spntsvc.exe DCE/RPC multiple buffer overflow Exploit
Threat Level: Severe
Industry ID: CVE-2007-4218 Bugtraq: 25395
Signature Description: ServerProtect Agent service 5.58 Build 1176 and prior is vulnerable to a stack-based buffer
overflow. This vulnerability is due to improper bounds checking by the AddTaskExportLogItem function. By sending a
malicious RPC request to the SpntSvc.exe service on TCP port, a remote attacker could overflow a buffer and execute
arbitrary code on the vulnerable system with SYSTEM privileges. This vulnerability is fixed. Apply the patch for this
vulnerability (Security Patch 4 - Build 1185), available from the Trend Micro Web site.
Signature ID: 38003
Trend Micro ServerProtect Spntsvc.exe DCE/RPC multiple buffer overflow Exploit
Threat Level: Severe
Industry ID: CVE-2007-4218 Bugtraq: 25395
Signature Description: ServerProtect Agent service 5.58 Build 1176 and prior is vulnerable to a stack-based buffer
overflow. This vulnerability is due to improper bounds checking by the SetPagerNotifyConfig function. By sending a
malicious RPC request to the SpntSvc.exe service on TCP port, a remote attacker could overflow a buffer and execute
arbitrary code on the vulnerable system with SYSTEM privileges. This vulnerability is fixed. Apply the patch for this
vulnerability (Security Patch 4 - Build 1185), available from the Trend Micro Web site. Exploit attempts of this
vulnerability are detected using a combination of signatures. This signature generates a log message. This signature
specifically detects an attacker sending the malicious pattern in little-endian form.
Signature ID: 38004
Trend Micro ServerProtect Spntsvc.exe DCE/RPC multiple buffer overflow Exploit
Threat Level: Severe
Industry ID: CVE-2007-4218 Bugtraq: 25395
Signature Description: ServerProtect Agent service 5.58 Build 1176 and prior is vulnerable to a stack-based buffer