TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

381

382

383

384

385

386

387

388

389

390

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

387

Signature Description: Some of the FTP servers are prone to buffer overruns when handling data supplied to the USER

command. An FTP user who supplies excessive input to this command could potentially execute arbitrary code in the

context of the server or cause a denial of service.The issue exists due to lack of sufficient boundary checks performed

on user-supplied data.

Signature ID: 6134

FTP XCWD command Buffer overflow Vulnerability

Threat Level: Critical

Bugtraq: 8704

Signature Description: Some of the FTP servers are prone to buffer overruns when handling data supplied to the

XCWD command. An FTP user who supplies excessive input to this command could potentially execute arbitrary code

in the context of the server or cause a denial of service.The issue exists due to lack of sufficient boundary checks

performed on user-supplied data.

Signature ID: 6135

FTP XMKD command Buffer overflow Vulnerability

Threat Level: Critical

Industry ID: CVE-2000-0133 Bugtraq: 7909

Signature Description: Some of the FTP servers are prone to buffer overruns when handling data supplied to the

XMKD command. An FTP user who supplies excessive input to this command could potentially execute arbitrary code

in the context of the server or cause a denial of service.The issue exists due to lack of sufficient boundary checks

performed on user-supplied data.

Signature ID: 6136

Yak! Chat Client FTP Server Default Username Credential Vulnerability

Threat Level: Warning

Bugtraq: 9072

Signature Description: Yak! is a text-based, chat application for use on Microsoft Windows 32-bit local area

networks.It has been reported that a weakness exists in the Yak! client FTP server. This problem may increase the

chances of an attacker gaining unauthorized access to resources.The problem is in the default username credential

created with the Yak! FTP server. When the FTP server is installed, it installs a user 'y049575046' with a potentially

predictable password string by default. This user is granted full access to the file system on which the FTP server

resides.<br>

Signature ID: 6137

FTP ADMhack login

Threat Level: Critical

Signature Description: This signature generates a critical alarm when a remote user attempts to anonymously log into

the FTP server with a suspicious password "ddd@ ".This indicates that an attacker may be scanning the FTP server for

vulnerabilities using the ADMhack scanning tool.

Signature ID: 6138

FTP transfer of file authorized_keys

Threat Level: Information

Signature Description: The file "authorized_keys" is used in ssh communications to authenticate a user without the

need for a password.Retrieval of this file may allow an attacker to gain valuable information related to the genuine

hosts allowed to gain access to the machine via ssh.The information includes the hostname, IP address and the

username of authorized users. If the attacker manages to get the access to the user's .ssh directory, the public and