TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
127
Signature Description: Alt-N Technologies provides affordable Windows-based software, including an email server,
email antivirus and antispam protection, Outlook integration, and network fax management software. MDaemon
protects your users from spam and viruses, provides full security, includes seamless web access to your email via
WorldClient, remote administration. MDaemon/WorldClient Alt-N MDaemon 6.8.5 and below versions are vulnerable,
a malicious user(remote attacker) will send with more than 249 bytes in the "From" field to FROM2Raw.cgi script,
when processing that request by MDaemon will cause a Stack buffer overflow. Then the attacker can execute arbitrary
code in the context of <br>the vulnerable software in order to gain unauthorized access. Patches are not available.
Signature ID: 1045
Nph-maillist Arbitrary Code Execution vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0400 Bugtraq: 2563
Signature Description: Nph-maillist is a Perl CGI script that handles mailing lists, the email list generator is a web
interfaced script that allows the visitors on web site to leave their email address so they may be notified when update
the web site. This script also provides the the ability to create and change the message wish to send to list right from the
web browser as well as to maintain the list being generated. Matt Tourtillott nph-maillist 3.5 and 3.0 are vulnerable, in
this software 'nph-maillist.pl' script carries all the functionality for the web interface, a malicious-user(remote attacker)
can enter commands embedded in an email address via the subscription form, and then force a mailing which will
execute the commands. Patches are not available.
Signature ID: 1046
Oracle reports stack overflow vulnerability
Threat Level: Information
Industry ID: CVE-2002-0947 Bugtraq: 4848
Signature Description: Reports Server is a commercially available reporting package distributed by Oracle.A stack
overflow has been reported in one of the Oracle Reports Server CGI programs (rwcgi60). This condition may be
triggered by supplying an overly long string as a value for the 'setauth' method.This buffer overflow may allow a user
to remotely execute code on a vulnerable system. In doing so, a remote user may be able to gain access to the local
system, and potentially the privileges of the webserver.Oracle Oracle9i Application Server Reports 9.0.2 and Oracle
Oracle Reports6i 6.0.8 are prone to this vulnerability.
Signature ID: 1047
SGI IRIX infosearch fname Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0207
Bugtraq: 1031
Signature Description: IRIX is a computer operating system developed by SGI to run natively on their 32-bit and 64-
bit MIPS architecture workstations and servers. The InfoSearch package converts man pages and other documentation
into HTML web content, the search form uses infosrch.cgi. SGI IRIX 6.5.7 and below versions are vulnerable, these
versions are not properly validating the user input to infosrch.cgi scripte, 'fname' variable, so it is allowing commands
to be executed at the webserver privilege level by remote web users. Patches are available at sgi website.
Signature ID: 1048
SIX-webboard 2.01 File Retrieval vulnerability
Threat Level: Warning
Industry ID: CVE-2001-1115
Bugtraq: 3175
Signature Description: SIX-webboard is a Web bulletin board application developed by Sixhead. The generate.cgi
script in SIX-webboard version 2.01 is vulnerable, it could allows a remote attacker to traverse directories on the Web
server. There is no proper validation for user input of to content paramete, so attacker will send a request, that request
URL containing 'dot dot' sequences (/../) in the "content" parameter to "generate.cgi" script to traverse directories and
view arbitrary files outside of the Web root directory. No remedy available as of August 2008.