TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
22
Option Pack is a set of Web and application services that enables developers to create the next generation of distributed
network applications for Windows NT Server. Microsoft IIS is a popular web server package for Windows based
platforms. MDAC (Microsoft Data Access Components) is a package used to integrate web and database services. It
includes a component named RDS (Remote Data Services). RDS allows remote access via the internet to database
objects through IIS. Both are included in a default installation of the Windows NT 4.0 Option Pack. RDS includes a
component called the DataFactory object, which has a vulnerability that could allow any web user to 1) obtain
unauthorized access to unpublished files on the IIS server or 2) to use MDAC to tunnel ODBC requests through to a
remote location, thereby masking the source of the attack. 3) If the Microsoft JET OLE DB Provider or Microsoft
DataShape Provider are installed, a user could use the 'shell()' VBA command on the server with System privileges.
These two vulnerabilities combined can allow an attacker on the Internet to run arbitrary commands with System level
privileges on the target host. Microsoft IIS 3.0 to 4.0 and other NT based web servers using the Windows NT 4.0
options pack without an update patch are vulnerable.
Signature ID: 129
MS Personal WebServer directory traversal vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0386
Bugtraq: 989 Nessus: 10142
Signature Description: Microsoft Personal Web Server (PWS) is simple web server software offered by Microsoft for
the Windows operating system. PWS was developed by Microsoft for Windows 9x and Windows NT 4.0 operating
systems. Microsoft Personal Web Server 4.0 or earlier and Microsoft FrontPage Personal WebServer 1.0 parse '/..../'
string in requested URLs as '\' to the logical drive on which the site is hosted, allowing remote users to obtain
unauthenticated read access to files and directories on the same logical drive as the web content.The name and path of
the desired file must be known to the attacker.
Signature ID: 131
MultiHTML File Disclosure Vulnerability
Threat Level: Severe
Industry ID: CVE-2000-0912 Bugtraq: 6711 Nessus: 10516
Signature Description: MultiHTML is a web-based application for inserting a Server Side Include calls to display
HTML files. MultiHTML 1.5 is prone to a file disclosure vulnerability. The user supplied input is not sanitized before
being passed to the Perl open() function. Hence, it is possible for remote attackers to issue requests that are capable of
disclosing sensitive webserver readable resources. A valid file followed by a null byte (%00) must be requested to
exploit this vulnerability.
Signature ID: 132
/book.cgi access vulnerability
Threat Level: Warning
Industry ID: CVE-2001-1114 Bugtraq: 3178 Nessus: 10721
Signature Description: NC Book is a guest book package for websites. It is distributed by NetCode. NetCode Book
0.2b allows remote attackers to execute arbitrary commands via the "current" parameter by encapsulating commands in
pipe ('|') characters. Attackers can execute commands with privileges of the HTTPd process.
Signature ID: 133
Tektronix Phaser Network Printer Administration Interface Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0484
Bugtraq: 2659 Nessus: 10665
Signature Description: The Tektronix Phaser network printers are a series of network based printers with advanced
features like web based management. A remote vulnerability exists in Tektronix Phaser network printers in the 7xx,
8xx, and 9xx series. An attacker with access to the printer's local network can reach the printer's admin interface,