TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
159
host connecting to the services offered on a host server. This can lead to unauthorized access and possibly escalated
privileges to that of the administrator through BigBrother /bb-hostsvc.sh access. Sean MacGuire Big Brother 1.4 H
,Sean MacGuire Big Brother 1.4 g ,Sean MacGuire Big Brother 1.4,Sean MacGuire Big Brother 1.3,Sean MacGuire
Big Brother 1.2,Sean MacGuire Big Brother 1.1,Sean MacGuire Big Brother 1.0 9d,Sean MacGuire Big Brother 1.0
9c,Sean MacGuire Big Brother 1.0 9b,Sean MacGuire Big Brother 1.0 are prone to this vulnerability.
Signature ID: 1212
BitMover BitKeeper Daemon Mode Remote Command Execution Vulnerability
Threat Level: Warning
Bugtraq: 6588
Signature Description: BitKeeper is a cross platform commercial application for managing software development, it is
for distributed revision control(configuration management, SCM, etc.) of computer source code. A sophisticated
distributed system, BitKeeper competes largely against other professional systems such as Rational ClearCase and
Perforce. BitMover BitKeeper 3.0 is vulnerable version, When used in daemon mode, BitKeeper opens a listening
service that can be accessed via an ordinary http request. The malicious user(remote attacker) could send specially
crafted request, this server is not correctly processed the user given inputs, then it allows execution of arbitrary code.
Signature ID: 1213
BugPort Unauthorized Configuration File Viewing Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-2353 Bugtraq: 9542
Signature Description: The BugPort system is an open-source, web-based system to manage tasks and defects
throughout the software development process. BugPort is written in the cross-platform PHP language (using its object-
oriented capabilities) and uses a relational database for storage/querying. BugPort is usefull for bug tracking
purposes(internal management of software development and QA). INCOGEN BugPort 1.090 to INCOGEN BugPort
1.098 all versions vulnerable, A malicious user(remote attacker) could send a specially crafted uri request to disclose
sensitive information. From these versions there is chance to disclose sensitive information to remote attackers. The
contents of the BugReport configuration file will be served to remote users who request the file. This could disclose
sensitive configuration information that may be useful when mounting further attacks.
Signature ID: 1214
CISCO PIX Firewall Manager directory traversal Vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0158
Bugtraq: 691 Nessus: 10819
Signature Description: Cisco PIX firewall manager (PFM), PFM is a Worldwide-Web-based application, it is based on
a hardened and includes a limited HTTP server. The PFM HTTP server runs on Windows NT computers. PIX firewalls
provide a wide range of security and networking services including, Network Address Translation (NAT) or Port
Address Translation (PAT), content filtering (Java/ActiveX), URL filtering, IPsec VPN, support for leading X.509 PKI
solutions,<br>DHCP client/server. Cisco PIX Firewall 4.2.1 and Cisco PIX Firewall 4.1.6 versions are vulnerable,
these versions are allowing malicious user to retrieve arbitrary files from the web server. A malicious user(remote
attacker) could send a specifically crafted uri request to webserver, this request URI contains traversal style attacks
patterns(../../). After received this type of the requests the server is not validating properly the user given <br>inputs,
then there is a chnace the malicious user(attacker) to retrieve potentially sensitive files which may aid them in further
compromise.
Signature ID: 1215
CISCO VoIP DOS ATTEMPT Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0882
CVE-2002-0882 Bugtraq: 4794,4798 Nessus: 11013
Signature Description: The 7900 series VoIP Phones are a Voice-Over-IP solution distributed by Cisco Systems.It is