TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

161

162

163

164

165

166

167

168

169

170

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

170

Signature ID: 1260

SiteWare Editor Desktop Directory Traversal Vulnerability

Threat Level: Warning

Industry ID: CVE-2001-0555 Bugtraq: 2868,2869

Signature Description: SiteWare Editor's Desktop is a web-based administration tool for manipulating

ScreamingMedia content on a SiteWare web server. Screaming Media SiteWare 3.1, Screaming Media SiteWare 3.0 2,

Screaming Media SiteWare 3.0 1, Screaming Media SiteWare 3.0, Screaming Media SiteWare 2.5 01, Screaming

Media SiteWare 2.5 are vulnerable versions. The SiteWare Editor is a Web-based remote administration interface for

the SiteWare server. A malicious user(remote attacker) could send a URL request containing "dot dot" sequences (/../)

to the SiteWare server, after received this type of requests it is not validating properly the user supplied, then there is

chance to traverse directories and retrieve arbitrary files from the Web server.

Signature ID: 1261

SalesLogix eViewer DoS Vulnerability

Threat Level: Warning

Industry ID: CVE-2000-0278 CVE-2000-0289 Bugtraq: 1089,1078

Signature Description: SalesLogix eViewer is a web application integrated with the SalesLogix 2000 package.

SalesLogix Corporation eViewer 1.0 is vulnerable version to denial of service. eViewer will not perform authorization

on administrative commands if they are requested directly in the URL. Therefore, the will cause the slxweb.dll process

to shutdown. Possibly other commands aside from 'shutdown' could be performed by a remote user as well. Although

the slxweb.dll process will restart once a new query or session is issued, continually requesting the URL above will

cause a denial of service.

Signature ID: 1262

Samba Web Administration Tool Base64 Decoder Buffer Overflow Vulnerability

Threat Level: Warning

Industry ID: CVE-2004-0600 Bugtraq: 10780

Signature Description: Samba Web Administration Tool(SWAT) is a tool that may be used to configure Samba or just

to obtain useful links to important reference materials such as the contents of this book as well as other documents that

have been found useful for solving Windows networking problems. Samba Samba 3.0.4 -r1, Samba Samba 3.0.4,

Samba Samba 3.0.3, Samba Samba 3.0.2a and Samba Samba 3.0.2 are vulnerable to stack-based buffer overflow. This

issue is due to a failure of the application to properly validate buffer boundaries when copying user-supplied input into

a finite buffer.Successful exploitation of this issue will allow a remote, unauthenticated attacker to execute arbitrary

code on the affected computer with the privileges of the affected process; Samba typically runs with superuser

privileges.

Signature ID: 1263

Samba SWAT Authorization port 901 overflow vulnerability

Threat Level: Information

Industry ID: CVE-2004-0600

Bugtraq: 10780

Signature Description: Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 is vulnerable to buffer overflow.

This issue is due to a failure of the application to properly validate buffer boundaries when copying user-supplied input

into a finite buffer. A successful exploitation of this issue will allow a remote, unauthenticated attacker to execute

arbitrary code on the affected computer with the privileges of the affected process , Samba typically runs with

superuser privileges. This issue is fixed in Samba Samba 3.0.5. Update the Samba Samba 3.0.5 version to resolve this

issue.