TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
command to trigger a format string flaw and potentially execute arbitrary code on some FTP servers. The issue exists
due to a lack of sufficient format checks against user-supplied data.
Signature ID: 6116
FTP REST command Buffer overflow Vulnerability
Threat Level: Critical
Industry ID: CVE-2001-0826
Bugtraq: 2972 Nessus: 11755
Signature Description: Some FTP servers are prone to buffer overruns when handling data supplied to the REST
command. An FTP user who supplies excessive input to this command could potentially execute arbitrary code in the
context of the server or cause a denial of service. The issue exists due to a lack of sufficient boundary checks performed
on user-supplied data.
Signature ID: 6117
FTP RETR format string Vulnerability
Threat Level: Information
Industry ID: CVE-2004-2074 Bugtraq: 9800
Signature Description: Dream FTP Server is vulnerable to a format string attack. A remote attacker could issue the
FTP RETR command followed by a malicious format string '%n' to cause the FTP service to
crash.
Signature ID: 6118
FTP RETR command buffer overflow Vulnerability
Threat Level: Critical
Industry ID: CVE-2003-0466 CVE-2004-0287 CVE-2004-0298 Bugtraq: 8315,23168 Nessus: 12413,11811
Signature Description: Some FTP servers are prone to buffer overruns when handling data supplied to the RETR
FTP command. An FTP user who supplies excessive input to this command could potentially execute arbitrary code in
the context of the server or cause a denial of service. The issue exists due to a lack of sufficient boundary checks
performed on user-supplied data.
Signature ID: 6119
AppleShare FTP RMD command DOS Vulnerability
Threat Level: Information
Bugtraq: 9159
Signature Description: The AppleShare IP FTP server is vulnerable to a denial of service attack. Remote attackers
could log into this FTP server anonymously and issue the RMD command followed by a forward-slash (/) to cause the
system to crash. The solution is to upgrade the software to version 6.3.3.
Signature ID: 6120
FTP RMD command Buffer overflow Vulnerability
Threat Level: Critical
Industry ID: CVE-2001-0826 CVE-2000-0133 CVE-2001-1021 Bugtraq: 2972
Signature Description: Some FTP servers are prone to buffer overruns when handling data supplied to the RMD
command. An FTP user who supplies excessive input to this command could potentially execute arbitrary code in the
context of the server or cause a denial of service. The issue exists due to a lack of sufficient boundary checks performed
on user-supplied data.