TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
'in.identd' service. The vulnerable 'in.identd' Ident server allows remote attackers to cause a denial of service via a long
request, which causes the server to access a NULL pointer and crash. TinyIRC TinyIdentD 2.2 suffers from a buffer
overflow condition. This allows remote attackers to execute arbitrary code on the target system.
Signature ID: 4046
Windows NT PPTP DoS vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0140 Bugtraq: 2111 Nessus: 10313
Signature Description: Windows NT is a family of operating systems produced by Microsoft. The Point-to-Point
Tunneling Protocol (PPTP) is a method for implementing virtual private networks. This service is available in Windows
NT under Remote Access Service (RAS). A denial of service vulnerability exists in RAS/PPTP on Microsoft Windows
NT 4.0 to 4.0 SP4 (inclusive) systems. The attacker connects to port 1723 (the PPTP/VPN service's port) and sends
around 256 random characters followed by a 'control-d'. This causes the target machine to reboot.
Signature ID: 4047
Out of band data (WinNuke) denial of service vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0153 Bugtraq: 2010 Nessus: 10314
Signature Description: Versions of Microsoft Windows (95, Windows for Workgroups 3.11, Windows NT up to and
including 4.0 SP3 alpha) and SCO Open Server 5.0 are vulnerable to a denial of service attack due to the way TCP/IP
"Out of Band" data is handled. If the TCP URGENT bit flag is set, the system expects the end of urgent data at the URGENT
POINTER. If the pointer points to the end of the frame, then there is no normal data following the urgent data. As the
system expects normal data to follow, a denial of service condition is triggered. Windows ports 135-139 (NetBIOS) are
most susceptible to this attack. Rebooting the affected machine is required to resume normal system functioning.
Signature ID: 4048
WINS UDP flood DoS vulnerability
Threat Level: Severe
Industry ID: CVE-1999-0288 Bugtraq: 298 Nessus: 10315
Signature Description: A remote WINS server can be crashed by sending it a large number of UDP packets containing random
data. If you do not use WINS, then deactivate this server. An attacker may use this flaw to bring down your NT
network. The WINS server for Windows NT 4.0 is vulnerable to a denial of service attack.
Signature ID: 4049
Yahoo Messenger URL Handler Remote Denial of Service vulnerability
Threat Level: Warning
Industry ID: CVE-2005-1618 CVE-2000-0047 Bugtraq: 13626
Signature Description: Yahoo! Messenger is an advertisement-supported instant messaging client that uses the
Yahoo! Messenger protocol provided by Yahoo!. In Yahoo! Messenger versions 5.0 to 6.0.0.1921 (inclusive), by sending
a malformed Yahoo Messenger protocol packet to Yahoo! servers, a chat session can be disconnected. A remote
attacker can cause a denial of service (disconnect) via a 'room login' or a 'room join' request packet with a third ':'
(colon) and '&' (ampersand), which causes Messenger to send a corrupted packet to the server. This triggers a
disconnect from the server, resulting in the denial of service condition.
Signature ID: 4050
SLMail POP service Denial of Service vulnerability
Threat Level: Critical
Industry ID: CVE-1999-0231 Bugtraq: 223 Nessus: 10255
Signature Description: SLMail is a mail server. The POP service of SLMail runs on TCP port 27. Issuing a 'VRFY' or