ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
project's C and C++ compiler used to compile C and C++ source files into executable binary files. The attacker could
possibly compile a program needed for other attacks on the system or install a binary program of his choosing. Logs
will be generated for this signature when /usr/bin/g++ pattern is sent to the http server.
Signature ID: 910
/usr/bin/gcc command web execute vulnerability
Threat Level: Severe
Signature Description: This is an attempt to compile a C or C++ source on a host. The gcc command is the GNU
project's C and C++ compiler used to compile C and C++ source files into executable binary files. The attacker could
possibly compile a program needed for other attacks on the system or install a binary program of his choosing. Logs
will be generated for this signature when /usr/bin/gcc pattern is sent to the http server.
Signature ID: 911
/usr/bin/id command web execute vulnerability
Threat Level: Severe
Signature Description: Id is a UNIX command that will return information about the system's users and groups. This
information is valuable to an attacker who can use it to plan further attacks based on the users' possible login
information or be more effective in targeting specific users and groups who possess elevated privileges. The id
command will return information on the user and the user's "gid" and "uid". Logs will be generated for this signature
when /usr/bin/id pattern is sent to the http server.
Signature ID: 912
/usr/bin/perl command web execute vulnerability
Threat Level: Severe
Signature Description: This is an attempt to execute a perl script on a host. perl is a scripting language that is available
on a wide variety of platforms. By default perl code runs with full access to all libraries and inbuilt commands available
to the language. When combined with the access permissions of the user executing the script, the consequences of
running arbitrary code can be devastating. Logs will be generated for this signature when /usr/bin/perl pattern is sent to
the http server.
Signature ID: 913
X server display parameter vulnerability
Threat Level: Severe
Signature Description: This rule generates an event when an X Windows system command is used with a parameter to
set the display location over a plain-text (unencrypted) connection on one of the specified web ports to the target web
server. The "display" parameter is used to specify an address for the X server to listen for connections.
Signature ID: 914
/bin/nasm command web execute vulnerability
Threat Level: Severe
Signature Description: This is an attempt to compile a program source on a host using NASM (Netwide Assembler)
which is capable of compiling a variety of sources on a variety of platforms into executable binary files. The attacker
could possibly compile a program needed for other attacks on the system or install a binary program. This rule
triggers when an attempt is made to send a /bin/nasm pattern.
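The pattern matching described in entries 910, 911, 912 and 914 can be reproduced against web server access logs with the sketch below. It is an added example, not the TMS zl Module's own detection logic. The bounded percent-decoding, the slash collapsing, the trailing-letter check and the sample request targets are assumptions of the example.

```python
import re
from urllib.parse import unquote_plus

# Signature IDs and patterns exactly as listed in the entries above.
SIGNATURES = {
    910: "/usr/bin/gcc",
    911: "/usr/bin/id",
    912: "/usr/bin/perl",
    914: "/bin/nasm",
}

# Assumption of this example: the pattern must not be followed by a letter,
# so "/usr/bin/identify" does not count as "/usr/bin/id".
COMPILED = {sid: re.compile(re.escape(p) + r"(?![A-Za-z_])")
            for sid, p in SIGNATURES.items()}

MAX_DECODE_ROUNDS = 3  # assumption: bound on nested percent-encoding


def normalize(request_target: str) -> str:
    """Undo percent-encoding (bounded rounds) and collapse repeated slashes."""
    text = request_target
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return re.sub(r"/{2,}", "/", text)


def match_signatures(request_target: str) -> list:
    """Return the sorted signature IDs whose pattern appears in the target."""
    text = normalize(request_target)
    return sorted(sid for sid, rx in COMPILED.items() if rx.search(text))


# Constructed request targets, as they would appear in an access log.
SAMPLE_TARGETS = [
    "/cgi-bin/test.cgi?cmd=/usr/bin/id",
    "/cgi-bin/test.cgi?cmd=%2Fusr%2Fbin%2Fperl%20-v",
    "/cgi-bin/test.cgi?cmd=%252Fusr%252Fbin%252Fgcc",
    "/cgi-bin/test.cgi?cmd=/usr//bin/nasm+-f+elf",
    "/docs/usr/bin/identify.html",
    "/index.html",
]

if __name__ == "__main__":
    for target in SAMPLE_TARGETS:
        print(match_signatures(target), target)
```
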
Signature ID: 915
Bin/python command web execute vulnerability
Threat Level: Severe
Signature Description: Python is a dynamic object-oriented programming language that can be used for many kinds of