ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 1719
Microsoft Data Access Components RDS Buffer Overflow Vulnerability
Threat Level: Information
Industry ID: CVE-2002-1142 Bugtraq: 6214
Signature Description: Microsoft Data Access Components (MDAC) is a collection of utilities and routines to process
requests between databases and network applications. A buffer overflow vulnerability exists in the Remote Data
Services (RDS) component of MDAC 2.1 through 2.6. The RDS component provides an intermediary step for a client's
request for service from a back-end database which enables the web site to apply business logic to the request. A
routine in the RDS component, specifically the RDS Data Stub function, contains an unchecked buffer. The RDS Data
Stub function's purpose is to parse incoming HTTP requests and generate RDS commands. This unchecked buffer
could be exploited to cause a heap overflow.
Signature ID: 1720
Microsoft Site Server 3.0 Default account login Vulnerability
Threat Level: Information
Industry ID: CVE-2002-1769 Bugtraq: 3998,4007 Nessus: 11018
Signature Description: Microsoft Site Server 3.0 for Windows NT servers allows users to publish, find, and share
information. By default, Microsoft Site Server version 3.0 prior to SP4 running on Windows NT 4.0 creates a user
account with a known password. The "LDAP_Anonymous" user account allows limited local login privileges and uses
the known password "LdapPassword_1". When an attacker logs on with the default user name and password, Site
Server reveals information about some Site Server files.
Signature ID: 1721
Microsoft WebProxy Service w3proxy.dll file access vulnerability
Threat Level: Information
Industry ID: CVE-2003-0110
Signature Description: A web proxy server services the requests of its clients by forwarding them to other servers.
Microsoft Proxy Server 2.0 is vulnerable. This rule tries to detect access to w3proxy.dll via an HTTP request. The
w3proxy.dll file is part of the ISAPI filter of the Web Proxy service and is associated with a vulnerability
(MS03-012). An attacker may access the w3proxy.dll file while scanning a system to determine whether the target
machine is vulnerable.
Signature ID: 1722
Microsoft Windows ASN.1 Library Bit String Processing Vulnerability
Threat Level: Information
Industry ID: CVE-2003-0818 Bugtraq: 9635 Nessus: 12065,12052,12054,12055
Signature Description: Abstract Syntax Notation One (ASN.1) is an international standard used to describe and
transmit data packets between applications and across networks. There is a buffer overflow vulnerability in the
Microsoft ASN.1 Library that could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM
privileges on the affected system (MS04-007). This rule tries to detect scan attempts for this vulnerability. Affected
systems are Microsoft Windows NT 4.0, Microsoft Windows NT 4.0 TSE, Microsoft Windows 2000, Microsoft
Windows XP, and Microsoft Windows Server 2003.
Signature ID: 1723
NewsPro administration unauthorized authentication vulnerability
Threat Level: Information
Industry ID: CVE-2002-1734 Bugtraq: 4672
Signature Description: NewsPro is a freely available ASP script used to display and maintain news stories for Web