TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
Signature Description: The Helix Player is the Helix Community's open source media player for consumers.
RealPlayer for Linux is built on top of the Helix Player for Linux and includes support for several non-open source
components, including RealAudio/RealVideo, MP3, etc. Real HelixPlayer and RealPlayer 10 contain a format
string vulnerability. The vulnerable versions allow a remote attacker to execute code on the victim's computer. The
vulnerability exists because of the improper use of a formatted printing function. A server could send
specially crafted files with .rp and .rt extensions; the vulnerability can be exploited by a specially crafted
RealPix (.rp) or RealText (.rt) file.
Administrators are advised to patch machines running a vulnerable Real Player or Helix Player.
Signature ID: 1307
Apache 2.0 Path Disclosure Vulnerability
Threat Level: Warning
Industry ID: CVE-2002-0654 Bugtraq: 5485,5486
Signature Description: Apache HTTP Server is a very popular, freely available web server that runs on a variety of
operating systems, including UNIX, Linux, and Microsoft Windows (Win32). Apache 2.0 through 2.0.39 on Windows,
OS2, and Netware are vulnerable. These versions of Apache HTTP Server could allow a remote attacker to
obtain the full path to the Apache installation directory because of a vulnerability in the multiview type map
negotiation. By sending a specially crafted URL request appended with .var, a remote attacker
could cause an error message to be returned that contains the full path to the installation directory. The
attacker could use this vulnerability to obtain sensitive information, such as the operating
system and server version. This information could then be used to launch further attacks against the affected Web
server.
Signature ID: 1308
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
Threat Level: Warning
Industry ID: CVE-2003-0132 Bugtraq: 7254
Signature Description: Apache HTTP Server is a very popular, freely available web server that runs on a variety of
operating systems, including UNIX, Linux, and Microsoft Windows (Win32). Apache 2.0 through 2.0.44 and prior
versions are vulnerable; these versions allow remote attackers to cause a denial of service. A remote
attacker sends a request with large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each
linefeed. Apache does not handle this type of request properly, and the resulting memory consumption causes a denial
of service. Exploitation of this vulnerability may allow an attacker to consume all available system resources,
resulting in a denial-of-service condition.
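The linefeed behaviour described for signature 1308 can be checked with a small stream inspector. This is an added example, not the TMS zl signature logic or any vendor code; the class name, the alert threshold and the sample streams are assumptions made for illustration, and only the 80-bytes-per-linefeed figure comes from the description above.

```python
from dataclasses import dataclass

BYTES_PER_LINEFEED = 80      # per-linefeed allocation stated in the signature description
ALERT_BYTES = 64 * 1024      # assumed alert threshold (hypothetical, tune per site)


@dataclass
class LinefeedRunTracker:
    """Tracks the longest run of linefeeds in one client-to-server stream."""
    run: int = 0        # current run length, carried across TCP segments
    longest: int = 0    # longest run seen so far

    def feed(self, segment: bytes) -> None:
        for byte in segment:
            if byte == 0x0A:                 # LF extends the run
                self.run += 1
                self.longest = max(self.longest, self.run)
            elif byte != 0x0D:               # CR is neutral (CRLF endings); other bytes end the run
                self.run = 0

    @property
    def estimated_alloc(self) -> int:
        """Server-side memory the longest run would cost at 80 bytes per linefeed."""
        return self.longest * BYTES_PER_LINEFEED

    @property
    def alert(self) -> bool:
        return self.estimated_alloc >= ALERT_BYTES


def inspect(segments) -> LinefeedRunTracker:
    """Feed every segment of one stream, in order, and return the tracker."""
    tracker = LinefeedRunTracker()
    for segment in segments:
        tracker.feed(segment)
    return tracker


# Constructed sample streams (not captured traffic).
NORMAL = [b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"]
FLOOD = [b"\n" * 500, b"\r\n" * 400, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"]

if __name__ == "__main__":
    for name, stream in (("normal", NORMAL), ("flood", FLOOD)):
        t = inspect(stream)
        print(f"{name}: longest_run={t.longest} est_alloc={t.estimated_alloc} alert={t.alert}")
```

Because the run counter is carried across segments, a linefeed flood split over many small packets is scored the same as one sent in a single segment.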
Signature ID: 1309
ESignal v7 remote buffer overflow Vulnerability
Threat Level: Warning
Bugtraq: 9978
Signature Description: eSignal is the nation's leading provider of real-time financial and market information. eSignal is
a popular platform for institutional and professional traders. eSignal is a market data solution bundled for best value for
small to mid-size institutional investors that also includes additional optional services. eSignal 7.6 and eSignal 7.5
contain a stack-based buffer overflow vulnerability that a remote attacker can trigger by sending an invalid request.
The eSignal main application, "WinSig.exe", listens for incoming data requests on TCP port 80. While parsing requests, it
suffers from a classic stack-based buffer overflow (due to invalid bounds checking): when the parameter string is about 1040
characters long, the overflow occurs in Specs.dll and EIP is fully controllable, as the function return address on the
stack is completely overwritten. This vulnerability may allow execution of arbitrary code.