TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

obtain a listing of the packages, and versions of packages, installed on this system. Remote attackers may use this
information to identify what vulnerable software packages have been installed.
Signature ID: 1360
Solaris sadmind Buffer Overflow Vulnerability
Threat Level: Information
Signature Description: Sadmind is designed to provide remote system administration operations. It is installed by
default and the service is started automatically. Sadmind contains a buffer overflow vulnerability. This rule triggers
when an attacker overwrites the stack pointer within a running sadmind process. An attacker can use this vulnerability
to overflow a buffer and execute arbitrary code with root privileges.
Signature ID: 1361
Check Point Firewall-1 HTTP Parsing Engine URI Schema Format String Vulnerability
Threat Level: Warning
Industry ID: CVE-2004-0039 Bugtraq: 9581
Signature Description: The Check Point Firewall-1 NG HTTP Application Intelligence (AI) component is an
application proxy technology designed to prevent potential attacks or detect protocol anomalies targeted at servers
behind the firewall. The AI component contains an HTTP parsing vulnerability that is triggered by sending an invalid
HTTP request through the firewall. When various invalid portions of the request are specified, an error message is
generated in which a user may partially specify the format string to an sprintf() call. This rule checks for exploitation of
this vulnerability in the Schema field of a URI. By providing format string specifiers in the Schema field, an attacker
may corrupt memory and execute arbitrary code with super-user privileges. Administrators are advised to update the
software.
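A minimal sketch of the kind of check this signature describes, added here as an example and not taken from the TMS zl module or from Check Point: it extracts the scheme from an absolute-form HTTP request line and flags printf-style conversion specifiers. The function names, verdict strings and sample request lines are constructed for illustration.

```python
import re

# RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
VALID_SCHEME = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*")
# printf conversion: %[n$][flags][width][.precision][length]type
FORMAT_SPEC = re.compile(
    r"%(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    r"(?:hh|h|ll|l|L|q|j|z|t)?[diouxXeEfgGcspn]"
)

def extract_scheme(request_line):
    """Return the scheme of an absolute-form request target, else None."""
    parts = request_line.rstrip("\r\n").split(" ")
    if len(parts) != 3:
        return None                      # not "METHOD target VERSION"
    target = parts[1]
    if target.startswith("/") or target == "*":
        return None                      # origin-form or "*": no scheme
    scheme, sep, _ = target.partition("://")
    return scheme if sep else None

def classify(request_line):
    """Verdict for one request line (hypothetical labels)."""
    scheme = extract_scheme(request_line)
    if scheme is None:
        return "no-scheme"
    if FORMAT_SPEC.search(scheme):
        return "format-specifier"        # what the signature looks for
    if not VALID_SCHEME.fullmatch(scheme):
        return "invalid-scheme"          # anomalous, but not a format string
    return "ok"

def scan(request_lines):
    """Return (line, verdict) pairs for every line that is not clean."""
    hits = []
    for line in request_lines:
        verdict = classify(line)
        if verdict in ("format-specifier", "invalid-scheme"):
            hits.append((line, verdict))
    return hits

# Constructed sample request lines, not captured traffic.
SAMPLES = [
    "GET http://www.example.com/index.html HTTP/1.0",
    "GET /search?u=http://www.example.com/ HTTP/1.0",
    "GET %08x%s://www.example.com/ HTTP/1.0",
    "GET ht^tp://www.example.com/ HTTP/1.0",
]

if __name__ == "__main__":
    for line, verdict in scan(SAMPLES):
        print(verdict, "|", line)
```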
Signature ID: 1362
SAMBAR Server search.dll directory listing attempt Vulnerability
Threat Level: Warning
Industry ID: CVE-2000-0835 Bugtraq: 1684 Nessus: 10514
Signature Description: Sambar Server is a multi-threaded, extensible application server with a highly programmable API.
It has virtual domain support (currently name based) with independent document/CGI directories, log files, and error
templates. Sambar Server 4.4 Beta 3 and Sambar Server 4.3 are vulnerable; these versions of the software ship
with a vulnerability in search.dll. The vulnerability allows a malicious user (remote attacker) to view the
contents of the Sambar Server, such as mail folders, by passing paths or invalid values in the 'query' variable.
The attacker sends a specially crafted URI request to search.dll, passing paths or invalid values in the 'query' variable.
Signature ID: 1363
Search.vts access security vulnerability
Threat Level: Warning
Bugtraq: 162
Signature Description: Verity's SEARCH'97 Personal for browsers received a four-star rating from PC Computing
Magazine; its easy setup and fast search capability win out over AltaVista's Search My Computer Private eXtension.
The SEARCH'97 product suite contains SEARCH'97 Information Server, SEARCH'97 Agent Server, SEARCH'97
CD-Web Publisher, SEARCH'97 Agent Server Toolkit, SEARCH'97 Developer's Kit, SEARCH'97 Personal for Microsoft
Exchange and SEARCH'97 Information Server for Microsoft Exchange. The Verity search engine in Verity Search97 2.1
is vulnerable. The vulnerability is due to the cgi-bin scripts s97_cgi and s97r_cgi failing to check for the existence of
certain shell metacharacters. This version of the software allows an attacker to access any file on the file system.