Manualshelf

TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
381382383384385386387388389390
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
382
may exploit this issue to corrupt a saved instruction pointer and in doing so may potentially influence execution flow of
the affected service using the attacker-supplied instructions.
Signature ID: 6105
WS_FTP Server resource consumption DOS Vulnerability
Threat Level: Information
Bugtraq: 9237
Signature Description: WS_FTP Server 4.02 is reported to be prone to a resource consumption issue that may lead to a
denial of service.A remote attacker may trigger this vulnerability by using a sequence of periods as an argument to the
FTP CWD command.Subsequent to this action, the attacker will need to create a directory using FTP MKD command.
This will reportedly cause the FTP server to exponentially consume system resources and behave in an unstable
manner.Solution is to upgrade to latest version.
Signature ID: 6106
FTP CWD command root directory traversal attempt
Threat Level: Critical
Industry ID: CVE-2003-0392 Bugtraq: 7674 Nessus: 11677
Signature Description: Directory traversal vulnerability in ST FTP Server 3.0 which allows remote attackers to access
arbitrary directories via a CD command with a DoS drive letter argument (e.g. E:)
Signature ID: 6107
FTP DELE command Buffer overflow Vulnerability
Threat Level: Critical
Industry ID: CVE-2001-0826 CVE-2001-1021 Bugtraq: 2972
Signature Description: Some of the FTP servers are prone to buffer overruns when handling data supplied to the DELE
command. An FTP user who supplies excessive input to this command could potentially execute arbitrary code in the
context of the server or cause a denial of service.The issue exists due to lack of sufficient boundary checks performed
on user-supplied data.
Signature ID: 6108
FTP LIST command buffer overflow Vulnerability
Threat Level: Critical
Industry ID: CVE-2004-2111 Bugtraq: 10181,8486,9675
Signature Description: Some of the FTP servers are prone to buffer overruns when handling data supplied to the LIST
command. An FTP user who supplies excessive input to this command could potentially execute arbitrary code in the
context of the server or cause a denial of service.The issue exists due to lack of sufficient boundary checks performed
on user-supplied data.Solution is to upgrade to latest version.
Signature ID: 6109
FTP LIST command directory traversal Vulnerability
Threat Level: Information
Industry ID: CVE-2001-0680
Bugtraq: 2618 Nessus: 11112
Signature Description: Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a
remote attacker to traverse directories on the web server via a "dot dot" attack in a FTP LIST (ls) command.This issue
is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the FTP
command.