TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1044
lack of boundary check when processing user authentication requests. By sending specially crafted authentication
request, an unauthenticated remote attacker can leverage these flaws to execute arbitrary code on the target host with
System privileges.
Signature ID: 38043
CA BrightStor ARCServ Backup LGServer Authentication Password Buffer Overflow
vulnerability
Threat Level: Severe
Industry ID: CVE-2007-5004 Bugtraq: 24348
Signature Description: There exist two buffer overflow vulnerabilities in the way CA BrightStor ARCServe Backup
for Laptops and Desktops service handles incoming messages. Specifically the vulnerabilities are due to lack of
boundary check when processing user authentication requests. By sending specially crafted authentication request, an
unauthenticated remote attacker can leverage these flaws to execute arbitrary code on the target host with System
privileges.
Signature ID: 38044
Tripwire Format String Vulnerability over RPC
Threat Level: Severe
Industry ID: CVE-2004-0536 Bugtraq: 10454
Signature Description: There is a format string vulnerability in Tripwire, a software tool that checks file system
changes on a target system. Tripwire scans file systems for changes and can be configured to send an email report with
the scan details (e.g., with the -M option). Upon encountering a file with a specially crafted name during such a scan,
the format string vulnerability is triggered. It is possible for an attacker to run arbitrary code in the privilege of root,
which is the default user account that runs Tripwire. There are numerous ways for a remote attacker to create a file with
such a malicious name.
Signature ID: 38046
Microsoft Windows 2000 Domain Authentication By Pass Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0540
Signature Description: There is a vulnerability within the authentication mechanism within Microsoft Windows 2000
that may allow a user with an expired Windows account to log in to a domain. Therefore, a remote user would be able
to gain access to resources located on a domain without having to authenticate. Exploit attempts of this vulnerability
are detected using a combination of two signatures. This is the second signature and generates a log message.
Signature ID: 38047
CA BrightStor ARCServe Backup LGServer Authentication Username Overflow
Threat Level: Severe
Industry ID: CVE-2007-5003
Bugtraq: 24348
Signature Description: A stack-based buffer overflow vulnerability exists in CA BrightStor ARCServe Backup for
Laptops and Desktops. The vulnerability is due to insufficient bounds checking in the LGServer process while
performing authentication of users. A remote unauthenticated attacker could exploit this vulnerability by sending an
overly large user name to the vulnerable service, and could inject and execute arbitrary code with System privileges.
The vulnerable program is the Dynamic Link Library rxRPC.dll.