TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
Signature ID: 1239
McAfee ePO file upload attempt Vulnerability
Threat Level: Information
Industry ID: CVE-2004-0038
Bugtraq: 10200
Signature Description: McAfee's ePolicy Orchestrator (ePO) server is responsible for distributing packages and code to
ePolicy agents. McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 are vulnerable to remote code
execution. The vulnerability is due to insufficient sanitization of user-supplied requests sent to spipe/file via the HTTP
POST method. This vulnerability is fixed in Orchestrator version 3.0 Service Pack 2a. Administrators are advised to update
to Orchestrator version 3.0 Service Pack 2a or a later version to resolve this vulnerability.
Signature ID: 1240
MySQL MaxDB WebAgent WebSQL Password Parameter Remote Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0111 Bugtraq: 12265
Signature Description: MaxDB is a SAP-certified open source database for Online Transaction Processing (OLTP) and
On-Line Analytical Processing (OLAP) usage. MaxDB version 7.5.00 contains a stack-based buffer overflow vulnerability.
The websql CGI application does not properly validate user input, so a remote attacker could send a specially crafted
long password that overflows the buffer when the input is processed and then execute arbitrary code on the system with
SYSTEM-level privileges.
Signature ID: 1241
MySQL MaxDB WebAgent WebSQL Password Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0111 Bugtraq: 12265
Signature Description: MaxDB is a SAP-certified open source database for Online Transaction Processing (OLTP) and
On-Line Analytical Processing (OLAP) usage. A stack-based buffer overflow vulnerability exists in MaxDB version
7.5.00, caused by improper bounds checking in the websql CGI application. By supplying a specially crafted long
password, a remote attacker could overflow a buffer and execute arbitrary code on the vulnerable system. This
vulnerability is fixed in MySQL AB MaxDB 7.5.00.18. Administrators are advised to update to MySQL AB MaxDB
7.5.00.18 or a later version to resolve this vulnerability.
Signature ID: 1242
NetGear router default password login attempt with admin/password Vulnerability
Threat Level: Warning
Nessus: 11737
Signature Description: A router is a computer whose software and hardware are usually tailored to the tasks of routing
and forwarding information. Routers generally contain a specialized operating system. Netgear routers have a default
username and password of "admin" and "password". If these are not changed by the administrator, it is possible for an
attacker to gain administrative access to the router, because the default username and password are hardcoded in the
product source.
Signature ID: 1243
NetObserve authentication bypass attempt Vulnerability
Threat Level: Warning
Bugtraq: 9319
Signature Description: NETObserve is a software solution that can be used to remotely monitor and control
Windows-based machines. Its interface is accessed via HTTP. By setting the cookie value used to send login information
to NETObserve to 0, an attacker can bypass any checks on login credentials. This can present the attacker with