TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 921
Chsh command web execute vulnerability
Threat Level: Severe
Signature Description: This is an attempt to change a user's shell on a machine. Using the "chsh" command, an attacker may
change the shell of a user to suit his own needs. By changing the shell, an attacker may further compromise a machine
by specifying a shell that could contain a Trojan Horse component or that could contain embedded commands specially
crafted by an attacker. Logs will be generated for this signature when the /usr/bin/chsh pattern is sent to the http server.
Signature ID: 922
WEB-ATTACKS conf/httpd.conf vulnerability
Threat Level: Severe
Signature Description: The httpd.conf file lists the configuration of the web server including modules loaded on start
and access authorization files. The attacker can make a standard HTTP request that contains 'conf/httpd.conf' in the
URI and gain information needed for other attacks on the host. Logs will be generated for this signature when
"conf/httpd.conf" pattern is sent to the http server.
Signature ID: 923
Cpp command web execute vulnerability
Threat Level: Warning
Signature Description: This is an attempt to compile a C or C++ source file on a host. The cc command is the GNU
project's C and C++ compiler used to compile C and C++ source files into executable binary files. The attacker could
possibly compile a program needed for other attacks on the system or install a binary program of his choosing. Logs
will be generated for this signature when "cpp" pattern is sent to the http server.
Signature ID: 925
G++ command web execute vulnerability
Threat Level: Warning
Signature Description: This is an attempt to compile a C or C++ source file on a host. The g++ command is the GNU
project's C and C++ compiler used to compile C and C++ source files into executable binary files. The attacker could
possibly compile a program needed for other attacks on the system or install a binary program of his choosing. Logs
will be generated for this signature when "g++" pattern is sent to the http server.
Signature ID: 926
Gcc command web execute vulnerability
Threat Level: Warning
Signature Description: This is an attempt to compile a C or C++ source file on a host. The gcc command is the GNU
project's C and C++ compiler used to compile C and C++ source files into executable binary files. The attacker could
possibly compile a program needed for other attacks on the system or install a binary program of his choosing. Logs
will be generated for this signature when "gcc" pattern is sent to the http server.
Signature ID: 927
Id command web execute vulnerability
Threat Level: Warning
Signature Description: Id is a UNIX command that will return information about the system's users and groups. This
information is valuable to an attacker who can use it to plan further attacks based on the users' possible login
information or be more effective in targeting specific users and groups who possess elevated privileges. The id
command will return information on the user and the user's "gid" and "uid". Logs will be generated for this signature
when the "id" pattern is sent to the http server.