TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
known as the 'CGI bin directory'. Early documentation for Netscape and other servers recommended placing the
interpreters in the CGI bin directory to ensure that they were available to run the script.
Signature ID: 160
WEB-CGI pfdispaly.cgi arbitrary command execution vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0270 Bugtraq: 64 Nessus: 10174
Signature Description: IRIX is a computer operating system developed by Silicon Graphics, Inc. to run natively on
their 32- and 64-bit MIPS architecture workstations and servers. A vulnerability exists in the 'InfoSearch' package as
included by Silicon Graphics in their IRIX operating system. A vulnerability in IRIX 6.2 through 6.4 CGI program
'pfdisplay.cgi' could allow remote users to view any file on the system with 'nobody' privileges.
Signature ID: 161
Phf Remote Command Execution Vulnerability
Threat Level: Severe
Industry ID: CVE-1999-0067 Bugtraq: 629 Nessus: 10176
Signature Description: The NCSA HTTPd was a web server originally developed at the NCSA. It was among the
earliest web servers developed. The Apache HTTP Server is a web server developed and maintained by an open
community of developers under the auspices of the Apache Software Foundation. The initial versions of the Apache
web server were based on NCSA's httpd. A vulnerability exists in the sample CGI bin program 'phf' as included with
NCSA httpd 1.5 and Apache 1.0.3 and prior versions of both servers. By supplying certain characters, remote users
can execute arbitrary commands with the privileges of the httpd process. This is because the phf CGI program calls the
escape_shell_cmd() function. This function is intended to filter out dangerous characters from the user input before
passing these strings along to shell-based library calls, such as popen() or system(). However, it fails to filter certain
characters, which makes it possible to execute commands through these calls.
Signature ID: 162
IIS phonebook Server Buffer Overflow vulnerability
Threat Level: Warning
Industry ID: CVE-2000-1089 Bugtraq: 2048 Nessus: 10564
Signature Description: Microsoft IIS is a popular web server package for Windows based platforms. Windows NT 4.0
and Windows 2000 are preemptive, graphical and business-oriented operating systems designed to work with either
uniprocessor or symmetric multi-processor computers. The Phone Book Service is an optional component that ships
with the NT 4 Option Pack and Windows 2000. This Service is used in conjunction with Dial Up Networking clients to
provide computers with a pre-populated list of dial-up networking servers. A buffer overflow vulnerability was
discovered in the URL processing routines of the Phone Book Service requests on IIS 4 and IIS 5. If exploited, this
vulnerability allows an attacker to execute arbitrary code with the privileges of the IUSR_machinename account (IIS 4)
or the IWAM_machinename account (IIS 5).
Signature ID: 163
WEB-CGI php.cgi access vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0238 Bugtraq: 2250 Nessus: 10177
Signature Description: PHP/FI (Personal Home Page / Forms Interpreter) is a software suite designed to offer enhanced
features to sites served via the World Wide Web and is maintained by the PHP development team. A problem in
PHP/FI 2.0 could allow remote users access to restricted resources. Due to a design problem, the PHP/FI software
package allows a remote user to browse directories and view files stored on the local host with the
privileges of the httpd process. An attacker can gather sensitive information that he can use in subsequent attacks.