ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature Description: PHP is a widely-used general-purpose scripting language that is especially suited for Web
development and can be embedded into HTML. PHP versions 4.x up to 4.4.0 and 5.x up to 5.0.5 are prone to a
vulnerability that allows attackers to overwrite the GLOBALS array via HTTP POST requests. The vulnerability
stems from a weakness in the file upload code that allows modifying (i.e., overwriting) the GLOBALS array and
bypassing the security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS"
file upload field, when register_globals is turned on. Overwriting this array can lead to unexpected security holes
in code assumed to be secure.
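The condition described above, a multipart/form-data POST carrying a file upload field named "GLOBALS", can be checked on the defensive side as in the following added example, which is not part of the reference guide and is not the module's signature logic. The function names, the boundary string and the sample request bodies are constructed for illustration, and treating array-style names such as GLOBALS[x] like GLOBALS is an assumption.

```python
import email
from email import policy

def multipart_fields(content_type, body):
    """Parse a multipart/form-data body; return [(field_name, filename), ...]."""
    head = b"MIME-Version: 1.0\r\nContent-Type: " + content_type.encode("ascii") + b"\r\n\r\n"
    msg = email.message_from_bytes(head + body, policy=policy.HTTP)
    if msg.get_content_type() != "multipart/form-data" or not msg.is_multipart():
        return []  # not multipart, or the boundary could not be matched
    return [(p.get_param("name", header="content-disposition"), p.get_filename())
            for p in msg.iter_parts()]

def globals_upload_fields(content_type, body):
    """Return the names of file upload fields whose base name is GLOBALS."""
    hits = []
    for name, filename in multipart_fields(content_type, body):
        if name is None or filename is None:  # ordinary form field, not an upload
            continue
        # Assumption: array-style names such as GLOBALS[x] are treated like GLOBALS.
        if name.split("[", 1)[0] == "GLOBALS":
            hits.append(name)
    return hits

# Constructed sample requests (not captured traffic).
CT = "multipart/form-data; boundary=xyzBOUNDARY"

def make_body(parts):
    """Build a request body from (name, filename or None, data) tuples."""
    out = b""
    for name, filename, data in parts:
        disp = f'form-data; name="{name}"'
        if filename is not None:
            disp += f'; filename="{filename}"'
        out += f"--xyzBOUNDARY\r\nContent-Disposition: {disp}\r\n\r\n".encode() + data + b"\r\n"
    return out + b"--xyzBOUNDARY--\r\n"

BENIGN = make_body([("title", None, b"holiday"), ("photo", "a.jpg", b"JPEGDATA")])
SUSPECT = make_body([("title", None, b"holiday"), ("GLOBALS", "a.txt", b"x")])

if __name__ == "__main__":
    print(globals_upload_fields(CT, BENIGN))
    print(globals_upload_fields(CT, SUSPECT))
```
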
Signature ID: 1303
Mozilla/Netscape/Firefox Browsers Domain Name Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-2871 Bugtraq: 14784
Signature Description: Mozilla products, including the Mozilla Suite and Mozilla Firefox, are vulnerable to a heap
overflow in the way they handle URLs containing certain IDN encoded host names. The vulnerability occurs because
of an error in the conversion of a host name consisting of Unicode "soft hyphen" characters (U+00AD) to the UTF-8
character set. The vulnerability can be exploited by convincing a user to view a specially-crafted HTML document
containing the 0xAD character in the domain name. A successful attack may result in a
crash of the application or the execution of arbitrary code. To protect against this attack, Mozilla users are advised to
patch their systems. Firefox 1.0.6 and 1.5 Beta 1 are vulnerable to this issue. Mozilla 1.7.11 and Netscape 8.0.3.3 and
7.2 are affected as well.
Signature ID: 1304
Mozilla/Netscape/Firefox Browsers Domain Name Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-2871 Bugtraq: 14784
Signature Description: Mozilla Firefox is a free and open source web browser descended from the Mozilla Application
Suite, managed by the Mozilla Corporation. Mozilla products, including the Mozilla Suite and Mozilla Firefox, are
vulnerable to a heap overflow in the way they handle URLs containing certain IDN encoded hostnames. The
vulnerability occurs because of an error in the conversion of a hostname consisting of Unicode "soft hyphen" characters
(U+00AD) to the UTF-8 character set. The vulnerability can be exploited by convincing a user to view a
specially-crafted HTML document containing the 0xAD character in the domain name. A successful
attack may result in a crash of the application or the execution of arbitrary code. To protect against this attack, Mozilla
users are advised to patch their systems. Firefox 1.0.6 and 1.5 Beta 1 are vulnerable to this issue. Mozilla 1.7.11 and
Netscape 8.0.3.3 and 7.2 are affected as well.
Signature ID: 1305
RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-2710 Bugtraq: 14945
Signature Description: The Helix Player is the Helix Community's open source media player for consumers. The
RealPlayer for Linux is built on top of the Helix Player for Linux and includes support for several non-open source
components including RealAudio/RealVideo, MP3, etc. A format string vulnerability exists in Helix Player (10.0.0 - 5)
that allows a remote attacker to execute code on the victim's computer. The vulnerability exists because of the
improper usage of a formatted printing function. It can be exploited by a specially crafted RealPix (.rp)
or RealText (.rt) file. Administrators are advised to patch machines running a vulnerable RealPlayer or Helix Player.
Signature ID: 1306
RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-2710 Bugtraq: 14945