TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

371

372

373

374

375

376

377

378

379

380

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

378

Signature ID: 6058

FTP CWD command Buffer overflow Vulnerability

Threat Level: Information

Industry ID: CVE-2000-1035 Bugtraq: 1690 Nessus: 10084

Signature Description: Some of the FTP servers are prone to buffer overruns when handling data supplied to the CWD

command. An FTP user who supplies excessive input to this command could potentially execute arbitrary code in the

context of the server or cause a denial of service.The issue exists due to lack of sufficient boundary checks performed

on user-supplied data.TYPSoft FTP Server 0.78 and earlier are vulnerable to this attack.

Signature ID: 6063

FTP server RMD command Vulnerability

Threat Level: Critical

Signature Description: Writable FTP directories can be used as drop points for unauthorized or illegal material.Remote

attackers may remove directories.An attacker may delete important files which may result in DoS also.AppleShare IP is

a network server suite for Mac OS. The suite provides an FTP server component. The issue presents itself if a remote

attacker invokes the 'RMD' command passing a '/' character as the only argument when logged into an AppleShare IP

FTP server. This action will have the reported affect of causing the system that is hosting the FTP software to lock,

preventing any interaction and thereby effectively deny service to legitimate system users.This issue has been reported

to affect AppleShare IP 6.3.1 and previous versions

Signature ID: 6068

FTP RNFR Command data overwrite Vulnerability

Threat Level: Information

Industry ID: CVE-1999-0081

Signature Description: Wu-ftpd contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue

is triggered when an attacker sends a specially formed rnfr command. It is possible that the flaw may allow the attacker

to overwrite any file on the system as root resulting in a loss of integrity. This may also result as a DoS attack.Upgrade

to version 2.4.2 or higher.

Signature ID: 6069

Access to FTP server with 'CWD /' command Vulnerability

Threat Level: Information

Signature Description: An attacker may attempt to navigate on an FTP server to the "/" directory to list or store

unauthorized files such as unlicensed software. This rule raises an alarm in such cases.

Signature ID: 6070

BisonWare FTP server PORT command Vulnerability

Threat Level: Information

Industry ID: CVE-1999-1156

Bugtraq: 0271

Signature Description: BisonWare FTP Server 4.1 and earlier versions contain a vulnerability that could allow a

remote attacker to supply a malformed long argument to the PORT command and cause the server to crash.Solution is

to upgrade to newer versions.

Signature ID: 6071

FTP Glftpd Multiple directory traversal Vulnerabilities

Threat Level: Warning

Industry ID: CVE-2005-0483

Bugtraq: 12586

Signature Description: GlFtpD is a FTP daemon available and its versions 1.6 to 2.0 are known to have multiple