TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 38010
Trend Micro ServerProtect Spntsvc.exe DCE/RPC multiple buffer overflow Exploit
Threat Level: Severe
Industry ID: CVE-2007-4218
Bugtraq: 25395
Signature Description: ServerProtect Agent service 5.58 Build 1176 is vulnerable to a stack-based buffer overflow. The
vulnerability is due to improper bounds checking by the Trent_req_num_a0030 function. By sending a malicious RPC
request to the SpntSvc.exe service on TCP port 5168, a remote attacker could overflow a buffer and execute arbitrary
code on the vulnerable system with SYSTEM privileges. The vulnerability has been fixed; apply the patch
(Security Patch 4 - Build 1185), available from the Trend Micro Web site. This signature specifically
detects the malicious pattern sent in little-endian form.
Signature ID: 38033
Trend Micro ServerProtect _SetPagerNotifyConfig attempt v4
Threat Level: Severe
Industry ID: CVE-2007-4218 Bugtraq: 25395
Signature Description: ServerProtect Agent service 5.58 Build 1176 is vulnerable to a stack-based buffer overflow. The
vulnerability is due to improper bounds checking by the SetPagerNotifyConfig function. By sending a malicious RPC
request to the SpntSvc.exe service on TCP port 5168, a remote attacker could overflow a buffer and execute arbitrary
code on the vulnerable system with SYSTEM privileges. The vulnerability has been fixed; apply the patch
(Security Patch 4 - Build 1185), available from the Trend Micro Web site. This signature specifically
detects the malicious pattern sent along with the UUID.
Signature ID: 38040
MIT Kerberos kadmind RPC Library RPCSEC_GSS Authentication Buffer Overflow
Threat Level: Severe
Industry ID: CVE-2007-3999
Signature Description: A buffer overflow vulnerability exists in the MIT Kerberos Administration Server (kadmind).
The vulnerability is due to a boundary error when processing RPC requests. A remote, unauthenticated attacker can
exploit this vulnerability by sending a specially crafted RPC request to the kadmind daemon. Successful exploitation
may lead to execution of arbitrary code with root privileges on the target host.
Signature ID: 38041
CA Brightstore ARCserve Backup LGServer Arbitrary File Upload
Threat Level: Severe
Industry ID: CVE-2007-5005 Bugtraq: 24348
Signature Description: An arbitrary file upload vulnerability exists in CA BrightStor ARCServe Backup for Laptops
and Desktops. The vulnerability is due to insufficient access control in the LGServer process while handling file
uploads from remote users. A remote, unauthenticated attacker could exploit this vulnerability to upload a file to a specified
location on the target file system. Moreover, the attacker can use other functionality of the affected server to load
and execute the uploaded file with System privileges.
Signature ID: 38042
CA BrightStor ARCServ Backup LGServer Authentication Password Buffer Overflow vulnerability
Threat Level: Severe
Industry ID: CVE-2007-5004
Bugtraq: 24348
Signature Description: Two buffer overflow vulnerabilities exist in the way the CA BrightStor ARCServe Backup
for Laptops and Desktops service handles incoming messages. Computer Associates Desktop Management Suite 11.2
and prior versions are vulnerable to arbitrary code execution. Specifically the vulnerabilities are due to