TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

381

382

383

384

385

386

387

388

389

390

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

389

server is made.The passwd file is typically located in "/etc/" directory and is used to hold the authentication information

for system logins.This file needs to be readable by all system users.

Signature ID: 6147

FTP Piss scan attempt

Threat Level: Warning

Signature Description: This event is generated when Piss scan attempt to login to FTP Servers with "cklaus" as

password. Piss vulnerability scanner is used to detect vulnerabilities in FTP Servers.

Signature ID: 6148

FTP saint scan attempt

Threat Level: Information

Signature Description: This event is generated when Saint scan attempt to login to FTP Servers with " Saint" as

password. Saint vulnerability scanner is used to detect vulnerabilities in FTP Servers.

Signature ID: 6149

FTP satan scan attempt

Threat Level: Information

Signature Description: This event is generated when Satan scan attempt to login to FTP Servers with "Satan" as

password. Satan vulnerability scanner is used to detect vulnerabilities in FTP Servers.

Signature ID: 6150

FTP shadow file retrieval attempt

Threat Level: Information

Signature Description: This event is generated when an attempt to download a copy of the "shadow" file from the

server is made.The shadow file is typically located in "/etc/" directory and contains the authentication information for

system logins.This file is generally used on muli-user systems to provide greater security for user passwords. This file

should only be readable by the super user.This rule generates an event in case an attempt is made to transfer the file

"shadow" using FTP.

Signature ID: 6152

Wu-ftp file globbing heap corruption using [ Vulnerability

Threat Level: Information

Industry ID: CVE-2001-0550 CVE-2001-0886 Bugtraq: 3707,3581 Nessus: 10821

Signature Description: A Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash)

and possibly execute arbitrary code via a glob pattern that ends in a brace "[" character.This problem is observed in wu-

ftpd 2.6.1 server.Solution is to upgrade to the latest wu-ftpd version.

Signature ID: 6153

Wu-ftp file globbing heap corruption using { Vulnerability

Threat Level: Information

Industry ID: CVE-2001-0550

CVE-2001-0886 Bugtraq: 3707,3581 Nessus: 10821

Signature Description: A Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash)

and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.This problem is observed in

wu-ftpd 2.6.1 server.Solution is to upgrade to the latest wu-ftpd version.