ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94

interface Webtool which acts as an HTTP server is provided with MaxDB. A remote buffer overflow vulnerability exists
in the way the Webtool component handles the Lock-Token string for the UNLOCK method in an HTTP request. This issue is
due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into
static process buffers. An attacker may exploit this issue by sending a malicious HTTP UNLOCK request along with a
long Lock-Token string to the MaxDB Webtool default port 9999. Successful exploitation may allow execution of arbitrary
code with the privileges of the user that activated the vulnerable application.

Signature ID: 1430
Mozilla Firefox PLUGINSPAGE attribute Remote Code Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-0752 Bugtraq: 13228
Signature Description: When a web page requires a plugin to display properly, the Plugin Finder Service
(PFS) looks for an appropriate plugin. If the plugin is not installed, the service looks for the PLUGINSPAGE attribute in
the EMBED tag to locate where the plugin is available. If the attribute is found, PFS opens a dialog containing a "manual install"
button that loads the PLUGINSPAGE URL. If the PLUGINSPAGE attribute contains a javascript: URL, then pressing
the button could launch arbitrary code capable of stealing local data or installing malicious code.

Signature ID: 1431
Mozilla Firefox PLUGINSPAGE attribute Remote Code Execution Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-0752 Bugtraq: 13228
Signature Description: When a web page requires a plugin to display properly, the Plugin Finder Service
(PFS) looks for an appropriate plugin. If the plugin is not installed, the service looks for the PLUGINSPAGE attribute in
the EMBED tag to locate where the plugin is available. If the attribute is found, PFS opens a dialog containing a "manual install"
button that loads the PLUGINSPAGE URL. If the PLUGINSPAGE attribute contains a malformed URL of any
protocol, then pressing the button could launch arbitrary code capable of stealing local data or installing malicious code.

Signature ID: 1432
RealNetworks RealPlayer RAM File Parsing Buffer Overflow Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-0755 Bugtraq: 13264
Signature Description: RealPlayer is an application for playing various media formats, developed by RealNetworks
Inc. RealPlayer contains a buffer overflow in processing Real Media (.ram) files. A ".ram" file specifies the URL where
media clips are stored. Once the .ram file is processed, RealPlayer contacts the URL to locate and play the media clip.
The vulnerability is due to improper checking of the hostname present in the URL. If a malicious .ram file with
an overly long hostname string is processed by RealPlayer, a buffer overflow occurs. Successful exploitation may execute
arbitrary code or cause RealPlayer to crash.

Signature ID: 1433
Sun Java Web Start System Property Tags Remote Unauthorized Access Vulnerability
Threat Level: Warning
Industry ID: CVE-2005-0418 CVE-2005-0836 Bugtraq: 12847
Signature Description: Java Web Start is a technology for easy client-side deployment of Java applications. A
vulnerability exists in the way Web Start handles Java system properties defined in Java Network Launching Protocol
(JNLP) files. The <property> tag in a JNLP file can be used to define Java system properties. A few system properties
are considered "secure" and, if defined in a JNLP file, they are passed to the Java executable (javaw.exe) via the
-Dproperty=value command line argument. However, a malicious user can use this feature to inject extra command line
arguments to the Java executable. This is because Web Start fails to use quote symbols around the property argument.
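
The quoting failure described for Signature ID 1433 can be checked for in JNLP files before they reach a client. The following is an added example, not part of the reference guide or of any vendor signature. The property names, the sample JNLP and the whitespace-split model of the launcher's command line are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample JNLP (not from the guide). Property names are hypothetical.
# The second value carries a space followed by a harmless extra JVM flag.
SAMPLE_JNLP = """<jnlp spec="1.0" codebase="http://example.invalid/app">
  <resources>
    <property name="example.prop.a" value="true"/>
    <property name="example.prop.b" value="demo -verbose:gc"/>
  </resources>
</jnlp>"""

def jnlp_properties(jnlp_text):
    """Return (name, value) pairs from every <property> element."""
    root = ET.fromstring(jnlp_text)
    return [(p.get("name", ""), p.get("value", "")) for p in root.iter("property")]

def unquoted_argv(name, value):
    """Model of the flawed behaviour (assumption: simple whitespace splitting):
    -Dname=value is pasted into the command line without quotes."""
    return ("-D%s=%s" % (name, value)).split()

def safe_argv(name, value):
    """Hardened form: the property stays one argv element and is never re-split."""
    return ["-D%s=%s" % (name, value)]

def audit_jnlp(jnlp_text):
    """Flag properties that yield more than one argument when left unquoted,
    or that contain a quote character that could change argument parsing."""
    findings = []
    for name, value in jnlp_properties(jnlp_text):
        args = unquoted_argv(name, value)
        if len(args) != 1 or '"' in name + value:
            findings.append({"property": name, "extra_args": args[1:]})
    return findings

if __name__ == "__main__":
    for finding in audit_jnlp(SAMPLE_JNLP):
        print("suspicious property %(property)s -> extra args %(extra_args)s" % finding)
```
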