ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
code to read and browse files on a local machine. By doing so, a remote attacker could overflow a buffer and execute
arbitrary code on the system, once the file is opened.
Signature ID: 1416
MySQL MaxDB Webtool HTTP GET request Stack Overflow Vulnerability
Threat Level: Critical
Industry ID: CVE-2005-0684 CVE-2007-3614 Bugtraq: 13368, 24773, 13369
Signature Description: MySQL MaxDB is a heavy-duty, SAP-certified open source database. MaxDB ships with Webtool, a
web-based application interface that acts as an HTTP server. A remote buffer overflow vulnerability exists in the way
the Webtool component recognizes and interprets special characters. The issue is due to the application's failure to
validate the length of user-supplied strings before copying them into static process buffers. An attacker may exploit
this issue by sending a malicious HTTP GET request containing a percent sign (%) with 4,000 bytes as a file parameter
to the MaxDB Webtool default port, 9999. Successful exploitation may allow execution of arbitrary code with the
privileges of the user that activated the vulnerable application.
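A detection sketch for the request pattern described above, added here as an example; it is not the TMS zl signature's own logic. The port and signature ID come from the description, while the 1024-byte threshold, the function names and the sample payloads are assumptions made for illustration.

```python
import re

WEBTOOL_PORT = 9999       # default MaxDB Webtool port, from the description above
MAX_AFTER_PERCENT = 1024  # assumed threshold; the guide does not give the signature's value

# Match only method and target, so a request line cut short by TCP
# segmentation (no " HTTP/1.x" seen yet) is still inspected.
_GET_TARGET = re.compile(rb"^GET[ \t]+(\S+)")
# A run ends at the next URL delimiter or the next '%', so a long but
# well-formed percent-encoded name (%E3%81%82...) yields short runs only.
_RUN_END = re.compile(rb"[/?&#%]")

def longest_run_after_percent(target: bytes) -> int:
    """Length of the longest byte run that directly follows a '%'."""
    longest = 0
    pos = target.find(b"%")
    while pos != -1:
        end = _RUN_END.search(target, pos + 1)
        stop = end.start() if end else len(target)
        longest = max(longest, stop - pos - 1)
        pos = target.find(b"%", pos + 1)
    return longest

def inspect(dst_port: int, payload: bytes):
    """Return an alert dict for an oversized '%' run in a Webtool GET, else None."""
    if dst_port != WEBTOOL_PORT:
        return None
    match = _GET_TARGET.match(payload)
    if match is None:
        return None
    run = longest_run_after_percent(match.group(1))
    if run < MAX_AFTER_PERCENT:
        return None
    return {"signature_id": 1416, "dst_port": dst_port, "bytes_after_percent": run}

# Constructed payloads for illustration (not captured traffic).
BENIGN = b"GET /docs/read%20me.html HTTP/1.0\r\n\r\n"
ENCODED = b"GET /" + b"%E3%81%82" * 700 + b" HTTP/1.0\r\n\r\n"
OVERSIZED = b"GET /%" + b"A" * 4000  # request line still incomplete

if __name__ == "__main__":
    for name, data in (("benign", BENIGN), ("encoded", ENCODED), ("oversized", OVERSIZED)):
        print(name, inspect(WEBTOOL_PORT, data))
```

Measuring the run after each percent sign, rather than the total URL length, keeps long but legitimately encoded file names from raising the alert.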
Signature ID: 1417
PeerCast URL Handling Buffer Overflow Vulnerability
Threat Level: Critical
Industry ID: CVE-2006-1148 Bugtraq: 17040
Signature Description: PeerCast is an open source streaming media multicast tool. PeerCast uses peer-to-peer
technology to minimize the upload bandwidth needed by the original multicaster. PeerCast 0.1217 and prior are
vulnerable to a stack-based buffer overflow. The vulnerability is due to insufficient sanitization of user-supplied data.
Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the vulnerable
system. This issue is fixed in PeerCast 0.1217. Administrators are advised to update to PeerCast 0.1217 or a later
version to resolve this issue.
Signature ID: 1418
Microsoft IE Sysimage Protocol Handler Local File Detection Vulnerability
Threat Level: Warning
Bugtraq: 11834
Signature Description: Microsoft Internet Explorer is reported to have a vulnerability that may allow a remote site to
detect files on the local computer. A remote attacker can exploit this issue through the 'sysimage://' protocol handler
to detect the existence of a file on the local computer of the Web client viewing a malicious page. This could disclose
sensitive information to remote attackers or help them plan a more serious attack.
Signature ID: 1420
Microsoft Internet Explorer Content Advisor File Handling Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-0555 Bugtraq: 13117
Signature Description: The Content Advisor is used to control what content is viewable in Internet Explorer. It allows
users to rate the appropriateness of Web content and to restrict which web sites a user can visit. The services
provided by the Content Advisor are described in text files that follow the Platform for Internet Content Selection
(PICS) standard. A buffer overflow vulnerability exists in the msrating.dll library, where the Content Advisor processes
PICS description files. The library does not check the length of an attribute in the description file before copying it
into a fixed-size buffer. By convincing a user to view an HTML document (e.g., a web page or HTML email message), an
attacker could execute arbitrary commands or code with the privileges of the user. Microsoft Internet Explorer 5.0.1
SP2, Microsoft Internet Explorer 5.0.1 SP3 and Microsoft Internet Explorer 5.0.1 SP4 are vulnerable. This signature
checks for a flag set by track-state to generate a log.