TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 1080
Matt Kruse Calendar Arbitrary Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0432 Bugtraq: 1215
Signature Description: Matt Kruse's Calendar script is a popular, free Perl CGI script used by many websites on the
Internet. It allows a website administrator to easily set up and customize a calendar on their website. Matt Kruse
Calendar Script 2.2 is vulnerable to arbitrary command execution. A remote attacker can send a URI request containing
shell metacharacters to calender_admin.pl, which does not check user-supplied values for metacharacters. It is
therefore possible to execute arbitrary commands on the target host by passing "|shell command|" as a value of the
"configuration file" field. The shell spawned by the open() call then executes those commands with the uid of the
web server. This can result in remote access to the system for the attacker.
Signature ID: 1081
NCSA HTTPd campas sample script Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0146 Bugtraq: 1975
Signature Description: NCSA HTTPd is an HTTP-compatible server for making hypertext and other documents
available to Web browsers, much in the same way that NCSA Mosaic is a program to browse information in the World
Wide Web. From the client-server viewpoint, NCSA HTTPd is the server to the browser client. Campas in NCSA
HTTPd version 1.2 is vulnerable: this version does not properly validate user-supplied variable inputs and, as a
result, can be used to execute commands on the host with the privileges of the web server. Commands can be passed as
a variable to the script, separated by %0a (linefeed) characters. Successful exploitation of this vulnerability could be
used to deface the web site, read any files the server process has access to, get directory listings, and execute anything
else the web server has access to. The remedy is to upgrade the HTTP server to the latest available version.
Signature ID: 1082
CGIScript.net csPassword.CGI Password.CGI.TMP File Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0920 Bugtraq: 4889
Signature Description: CGIScript.net provides various webmaster-related tools and is maintained by Mike Barone and
Andy Angrick. Version 1.0 of the csPassword.cgi script developed by CGIScript.net (CGISCRIPT.NET csPassword 1.0) is
vulnerable: a user may be able to obtain access to the temporary file (password.cgi.tmp) generated by the
script, which contains usernames and unencrypted passwords. Patches may be available at the vendor website (cgiscript
website).
Signature ID: 1084
CSSearch Remote Command Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0495 Bugtraq: 4368 Nessus: 10924
Signature Description: CsSearch is a free Perl CGI search script developed by Mike Barone and Andy Angrick.
csSearch stores its configuration data as Perl code in a file called "setup.cgi", which is evaluated by the script to
load it back into memory at runtime. csSearch.cgi in csSearch 2.3 and earlier versions is vulnerable: these versions
allow attackers to execute arbitrary code via the savesetup command and the "setup" parameter, with the
privileges of the web server process. These versions do not properly validate user input, so any user can cause
configuration data to be written to "setup.cgi" and execute arbitrary code (Perl code) on the server. Patches are
available at the cgiscript website.