TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

351

352

353

354

355

356

357

358

359

360

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

356

server 1.2 and sends a large amount of ASCII 255 chars, the server will close itself and disconnect all the current users,

causing a denial of service attack.

Signature ID: 4028

MDaemon Webconfig crash

Threat Level: Warning

Industry ID: CVE-1999-0844

Bugtraq: 820 Nessus: 10138

Signature Description: The Mdaemon is a mail server for Windows from Alt-N technologies. It includes a small web

server for web-based remote administration. Alt-N MDaemon 2.8.5 0 is vulnerable due to insufficient validation for the

buffer that handles incoming GET requests. An abnormally large URL with more than 1000 bytes sent to the

WebConfig service at port 2002 will crash the service causing a denial of service condition.

Signature ID: 4029

MDaemon Worldclient crash

Threat Level: Critical

Industry ID: CVE-1999-0844 CVE-1999-0844 Bugtraq: 823,820 Nessus: 10139

Signature Description: Alt-N's WorldClient is an email webserver that allows it's users to retrieve email via HTTP. Alt-

N WorldClient Pro 2.0.0.0 2.0.1.0 and Alt-N WorldClient Standard 2.0.0.0 are susceptible to denial of service attacks

due to insufficient validation for a buffer in the request handler. Supplying a long GET request will crash the server

causing a denial of service condition.

Signature ID: 4030

Mercur WebView Denial of service vulnerability

Threat Level: Severe

Industry ID: CVE-2000-0239 Bugtraq: 1056 Nessus: 10346

Signature Description: Atrium Software's WebView WebMail-Client is an add-on for their Mercur

SMTP/POP3/IMAP4 Mail Server which allows a user to access email through a web browser. Atrium Software Mercur

WebView WebMail-Client 1.0 is vulnerable to Denial of service attack due to insufficient boundary checking of GET

requests on port 1080. Issuing a GET request containing a string of over 1000 characters as value of mail_user

parameter on port 1080 will cause the WebView WebMail-Client application to crash resulting in the Denial of Service

condition.

Signature ID: 4031

Microsoft SQL NULL byte denial of service vulnerability

Threat Level: Severe

Industry ID: CVE-1999-0999

Bugtraq: 817 Nessus: 10145

Signature Description: Microsoft SQL Server is a relational database management system (RDBMS) produced by

Microsoft. Microsoft SQL Server 7.0 to 7.0 SP1 alpha (inclusive) can be shut down by sending a TCP packet to Port

1433 containing more than 2 NULL bytes as part of data. Such an attack results in a Denial of Service condition.

Signature ID: 4034

Novell Border Manager Audit Trail Proxy DoS Vulnerability

Threat Level: Severe

Industry ID: CVE-2000-0152

Bugtraq: 976 Nessus: 10163

Signature Description: A feature called the CS Audit Trail Proxy is installed by default with Novell BorederManager

3.0 and 3.5 .This feature listens on port 2000, on both the internal and external interfaces. The CS Audit Trail Proxy is

handled by CSATPRX.NLM. If a connection is made to this port and a character sequence having large number of '\r\n'

characters is sent, the server will show 'Short Term Memory Allocator is out of Memory' error. The server has to be

rebooted to restore normal functionality.