TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
133
Signature Description: Big Brother is a loosely-coupled distributed set of tools for monitoring and displaying the
current status of an entire network and notifying the admin should need be. Sean MacGuire Big Brother 1.0 9c and
Sean MacGuire Big Brother 1.0 9b are vulnerable versions. In these verions the CGI script bb-rep.sh, the new history
viewer, can be exploited to allow the partial display of local files provided they are readable by the user id CGI scripts
are executed under by the web server, and that they are text based. Patches are available at vendor website, Sean
MacGuire Big Brother 1.0 9b is not vulnerable update this verions or latest version.
Signature ID: 1075
Big Brother bb-replog.sh based file browsing vulnerability
Threat Level: Warning
Industry ID: CVE-1999-1462
Bugtraq: 142 Nessus: 10025
Signature Description: Big Brother is a loosely-coupled distributed set of tools for monitoring and displaying the
current status of an entire network and notifying the admin should need be. Sean MacGuire Big Brother 1.0 9c and
Sean MacGuire Big Brother 1.0 9b are vulnerable versions. In these verions the CGI script bb-replog.sh, the new
history viewer, can be exploited to allow the partial display of local files provided they are readable by the user id CGI
scripts are executed under by the web server, and that they are text based. Patches are available at vendor website, Sean
MacGuire Big Brother 1.0 9d is not vulnerable update this verions or latest version.
Signature ID: 1076
EXtropia bbs_forum.cgi Remote Arbitrary Command Execution Vulnerability
Threat Level: Information
Industry ID: CVE-2001-0123 Bugtraq: 2177
Signature Description: Bbs_forum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and
maintenance of web-based threaded discussion forums. eXtropia WebBBS, version 1.0.0, could allow an attacker to
traverse directories on the web serve. This issue is triggered when an attacker can send a malformed URL to the
bbs_forum.cgi script containing "dot dot" sequences(/../). The successful exploitation can allow an attacker to read any
file on the web server and execute arbitrary code on the web server. This issued is fixed in the version of WebBBS(2.0
or later). Install this version on system for removing this vulnerability, which available at vendor's web site.
Signature ID: 1077
Brian Stanback bslist.cgi Remote Command Execution Vulnerability
Threat Level: Information
Industry ID: CVE-2001-0100
Signature Description: This rule detects when attacker send a specially-crafted request to the bslist.cgi containing
improper filtering of the character ';'. The successful exploitation of this issue will allow an attacker to execute arbitrary
commands on the system and obtain the system's etc/passwd file. The affected version of bslist.cgi is 1.0.0. The issue is
fixed in the version 1.5 or later. Update this version for removing this vulnerable, which is available at vendor's web
site.
Signature ID: 1079
Matt Kruse Calendar Arbitrary Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0432
Bugtraq: 1215
Signature Description: Matt Kruse's Calendar script is a popular, free perl cgi-script used by many websites on the
Internet. It allows a website administrator to easily setup and customize a calendar on their website. Matt Kruse
Calendar Script 2.2 is vulnerable to execute arbitrary code. A remote attacker could send a URI request to calender.pl
that request contains metacharacters, after received the request it is not parsing the user input values for metacharacters.
It is therefor possible to execute arbitrary commands on the target host by passing "|shell command|" as one value of
the "configuration file" field. The shell that is spawned with the open() call will then execute those commands with the
uid of the webserver. This can result in remote access to the system for the attacker.