TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ActionDefineFunction2(0x8E) in the DoAction Tag. The vulnerable parameter is a user-supplied
ActionDefineFunction(0x9B) or ActionDefineFunction2(0x8E) action record.
Signature ID: 38057
WinACE RAR and TAR Directory Traversal Vulnerability
Threat Level: Severe
Bugtraq: 16800
Signature Description: There exists a directory traversal vulnerability in the WinACE application. The flaw is caused
by improper handling of the path name of archived files in TAR and RAR archives. By persuading a user to open a
crafted archive with the affected application, an attacker may place files in arbitrary locations on the target system,
which may lead to code execution. The vulnerable file is the executable winace.exe. The vulnerable parameter is the
file name string in the TAR and RAR archive headers. Exploit attempts against this vulnerability are detected using a
combination of two signatures; this is the second signature, and it drops the packet and generates a log message.
Signature ID: 38060
ImageMagick SGI File Handling Buffer Overflow
Threat Level: Warning
Industry ID: CVE-2006-4144
Signature Description: A vulnerability exists in the ImageMagick SGI decoder component. The flaw is caused by
insufficient checks of data contained in SGI files during processing. An attacker may exploit the flaw to divert
the flow of the vulnerable application process. The vulnerable file is the SGI image decoder module sgi.so. The vulnerable
function is ReadSGIImage(), which is defined in source file coders/sgi.c. The vulnerable parameter is the ZSIZE field
in the SGI image header.
Signature ID: 38061
Microsoft Internet Explorer MHTML URI Buffer Overflow
Threat Level: Warning
Industry ID: CVE-2006-2766
Signature Description: There exists a buffer overflow vulnerability in the Microsoft Internet Explorer product. The
flaw is caused by an improper check of the MHTML URI string. An attacker may exploit this vulnerability to cause a
denial of service condition. A code execution attack is not possible as a stack integrity feature is present in the affected
application. The problematic program is the dynamically linked library inetcomm.dll. The vulnerable function is
responsible for processing an MHTML URL string. The vulnerable parameter is an overly long MHTML URL string.
Signature ID: 38062
Apache 1.3 mod_proxy Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0492
Signature Description: A vulnerability exists in the mod_proxy module of Apache 1.3, which can be used as a web
proxy, reverse proxy, and/or cache. This module contains a heap-based buffer overflow that occurs while retrieving an
HTTP response from a malicious server on behalf of a client. An attacker may use this vulnerability to trigger a denial
of service on the vulnerable Apache server. There is also the possibility of remote code execution on some older
operating system platforms. On UNIX-like platforms, the vulnerable program is either the shared object mod_proxy.so,
or, in cases in which the code of mod_proxy has been statically linked into the main executable httpd, that main
executable. On Windows platforms, the vulnerable program is either the shared object mod_proxy.dll, or, in cases in
which the code of mod_proxy has been statically linked into the main executable httpd.exe, that main executable. The
vulnerable functions are ap_proxy_send_fb() and ap_bread().