TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
174
Signature ID: 1277
Eagletron TrackerCam 'User-Agent' Field Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0478 Bugtraq: 12592
Signature Description: TrackerCam is the official software for TrackerPod, a robotic tripod used to provide movement
to a webcam but this software can be used with any webcam. TrackerCam version 5.12 and earlier are vulnerable to a
buffer overflow while handling 'User-Agent' HTTP header field. By default TrackerCam runs on TCP Port 8090 and
acts as a webserver. A remote attacker can send HTTP request with an overly long 'User-Agent' HTTP header
containing more than 216 bytes to overflow the buffer and execute arbitrary code on the system. Restrict access to port
8090 for trusted clients only.
Signature ID: 1278
Eagletron TrackerCam Content-Length Field Denial of Service Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0482 Bugtraq: 12592
Signature Description: TrackerCam is the official software for TrackerPod, a robotic tripod used to provide movement
to a web cam but this software can be used with any webcam. TrackerCam version 5.12 and earlier are vulnerable to a
denial of service when HTTP requests with a negative or large Content-Length field value. By default TrackerCam runs
on TCP Port 8090 and acts as a web server. A remote attacker can send specially crafted HTTP request with a negative
or large Content-Length field value. When multiple requests (at least 300) of this type are received the application may
crash. Restrict access to port 8090 for trusted clients only.
Signature ID: 1279
Eagletron TrackerCam Long PHP Argument Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0478 Bugtraq: 12592
Signature Description: TrackerCam is the official software for TrackerPod, a robotic tripod used to provide movement
to a web cam but this software can be used with any webcam. TrackerCam version 5.12 and earlier are vulnerable to a
buffer overflow caused by improper handling of argument for any PHP script of TrackerCam. By default TrackerCam
runs on TCP Port 8090 and acts as a web server. A remote attacker can send HTTP request with an overly long (more
than 256 bytes) PHP argument to overflow the buffer and execute arbitrary code on the system. Restrict access to port
8090 for trusted clients only.
Signature ID: 1281
Trend Micro OfficeScan Unauthenticated CGI Usage Vulnerability
Threat Level: Warning
Bugtraq: 1057
Signature Description: Trend Micro OfficeScan is an antivirus software program which is deployable across an entire
network. Trend Micro OfficeScan For Microsoft SBS 4.5, Trend Micro OfficeScan Corporate Edition for Windows NT
Server 3.13, Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.11, Trend Micro OfficeScan
Corporate Edition for Windows NT Server 3.5, Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.0
are vulnerable versions. A remote attacker could send a specially-crafted request to the server, after received this type
of the requests, the Trend Micro OfficeScan applications do not perform stringent checks when validating the
credentials of a client host connecting to the services offered on a host server. This can lead to unauthorized access and
possibly escalated privileges to that of the administrator.